CVE-2021-39228
CVE-2021-39228 affects Tremor 0.7.2–0.11.6, including the tremor-script crate. The issue is a memory-safety bug that occurs when using tremor-script’s patch or merge on the state and assigning the result back to state; the optimizer could modify the target in place, leaving references to memory t...