PT-2018-15606 · Rust · Actix-Web

Published 2018-06-08 · Updated 2022-01-06 · CVE-2018-25025

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

actix-web crate versions prior to 0.7.15

Description

The issue concerns multiple memory safety problems, including unsoundly coercing immutable references to mutable references, unsoundly extending lifetimes of strings, and adding the Send marker trait to objects that cannot be safely sent between threads. This may result in various memory corruption scenarios, most likely use-after-free. A significant refactoring effort has been conducted to resolve these issues.

Recommendations

For versions prior to 0.7.15, update to version 0.7.15 or later to resolve the memory safety issues. As a temporary workaround, consider restricting the use of functions that may lead to memory corruption until a patch is applied. Avoid using the affected crate in multithreaded environments where the Send marker trait is utilized until the issue is resolved.
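A check for the affected range stated above, as an added example (not code from the advisory or from the actix-web project): it scans the text of a Cargo.lock for `actix-web` entries older than 0.7.15. The function names, the `Finding` type and the sample lockfile are constructed for illustration, and the reader assumes `name` precedes `version` inside each `[[package]]` table, as Cargo writes it.

```rust
// Added example: line-based reader for [[package]] name/version pairs, not a full TOML parser.
const FIXED: (u64, u64, u64) = (0, 7, 15); // first fixed release per the advisory

#[derive(Debug, PartialEq)]
enum Finding { Affected(String), Unparsed(String) }

// Strict MAJOR.MINOR.PATCH; pre-release or odd strings return None and go to manual review.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(triple) }
}

// Return the unquoted value of `key = "value"` on this line, if present.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

fn scan_lockfile(lock: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines() {
        if line.trim().starts_with('[') {
            name = None; // new table: forget the previous package
        } else if let Some(n) = field(line, "name") {
            name = Some(n);
        } else if let (Some("actix-web"), Some(v)) = (name, field(line, "version")) {
            match parse_version(v) {
                Some(t) if t < FIXED => findings.push(Finding::Affected(v.to_string())),
                Some(_) => {}
                None => findings.push(Finding::Unparsed(v.to_string())),
            }
        }
    }
    findings
}

// Constructed sample lockfile fragment.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "actix-web"
version = "0.7.14"

[[package]]
name = "actix-web"
version = "0.7.15"
"#;
fn main() { for f in scan_lockfile(SAMPLE_LOCK) { println!("{:?}", f); } }
```

Versions that are not a plain three-part number are reported as `Unparsed` rather than silently passed, so a pre-release of 0.7.15 is reviewed by hand.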

Fix

Race Condition

Memory Corruption

Weakness Enumeration

Related identifiers

CVE-2018-25025
GHSA-7X36-H62W-VW65
GHSA-9QJ6-4RFQ-VM84
GHSA-FGFM-HQJW-3265
GHSA-W65J-G6C7-G3M4
RUSTSEC-2018-0019

Affected products

Actix-Web