PT-2018-15605 · Actix Web · Actix-Web
Published: 2018-06-08 · Updated: 2022-01-06 · CVE-2018-25024
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
actix-web versions prior to 0.7.15
Description
The issue is related to multiple memory safety problems, including unsoundly coercing immutable references to mutable references, unsoundly extending lifetimes of strings, and adding the Send marker trait to objects that cannot be safely sent between threads. This may result in various memory corruption scenarios, most likely use-after-free.
Recommendations
For versions prior to 0.7.15, update to version 0.7.15 or later to resolve the memory safety issues.
As a temporary workaround, consider restricting the use of functions that may be affected by the memory corruption until a patch is available.
Avoid using the affected crate in multithreaded environments until the issue is resolved.
Fix
Race Condition
Memory Corruption
Affected Products
Actix-Web