PT-2018-15607 · Actix · Actix-Web

Published: 2018-06-08 · Updated: 2022-01-06 · CVE-2018-25026

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: actix-web versions prior to 0.7.15

Description: The issue concerns multiple memory safety problems, including unsoundly coercing immutable references to mutable references, unsoundly extending lifetimes of strings, and adding the Send marker trait to objects that cannot be safely sent between threads. This can result in various memory corruption scenarios, most likely use-after-free. A significant refactoring effort has been conducted to resolve these issues.

Recommendations: For versions prior to 0.7.15, update to version 0.7.15 or later to resolve the memory safety issues. As a temporary workaround, consider restricting the use of functions that may unsoundly coerce references or extend lifetimes until a patch is available. Avoid using the Send marker trait on objects that cannot be safely sent between threads.
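The three unsound patterns named in the description (casting away immutability, extending lifetimes, and hand-written `unsafe impl Send`) all bypass the checks the Rust compiler uses to rule out use-after-free and data races. The following added example is not actix-web code and does not reproduce the vulnerable code paths; it shows the sound counterparts a maintainer reaches for instead: `Arc<Mutex<T>>` for state shared across threads, `RefCell` for mutation through a shared reference, and a compile-time `Send` assertion that catches a non-thread-safe field before anyone is tempted to add an unsafe marker impl. The `RequestLog` and `Cache` types are constructed for this example.

```rust
// Added example (not actix-web code): sound replacements for the unsafe
// patterns described in the advisory.
//
// Unsound pattern 1: `unsafe impl Send for Wrapper {}` on a type holding
// `Rc<RefCell<T>>`. `Rc` uses a non-atomic reference count, so two threads
// dropping clones concurrently can corrupt the count and free the value
// while it is still referenced (use-after-free). Sound replacement:
// `Arc<Mutex<T>>`, which is `Send`/`Sync` precisely because every access
// is synchronised.
//
// Unsound pattern 2: casting `&T` to `*mut T` to mutate through a shared
// reference. Sound replacement: interior mutability (`RefCell` for
// single-threaded code, `Mutex` for multi-threaded code), which checks the
// aliasing rules at runtime instead of silently violating them.

use std::cell::RefCell;
use std::sync::{Arc, Mutex};
use std::thread;

/// Thread-safe log of request paths (constructed for this example).
#[derive(Clone, Default)]
pub struct RequestLog {
    entries: Arc<Mutex<Vec<String>>>,
}

impl RequestLog {
    pub fn new() -> Self {
        Self::default()
    }

    /// Mutates shared state through `&self` without any `&T -> &mut T` cast:
    /// `lock()` hands out exclusive access for the duration of the push.
    pub fn record(&self, path: &str) {
        self.entries.lock().expect("poisoned").push(path.to_owned());
    }

    pub fn len(&self) -> usize {
        self.entries.lock().expect("poisoned").len()
    }
}

/// Compile-time guard: this only type-checks if `T: Send`. Keeping such an
/// assertion next to a type that crosses threads catches an accidental
/// `!Send` field (for example an `Rc`) at build time.
fn assert_send<T: Send>() {}

/// Spawns `workers` threads that each record `per_worker` paths and returns
/// the total number of entries observed after all threads have joined.
pub fn record_concurrently(workers: usize, per_worker: usize) -> usize {
    assert_send::<RequestLog>();
    let log = RequestLog::new();
    let handles: Vec<_> = (0..workers)
        .map(|w| {
            let log = log.clone(); // clones the Arc handle, not the Vec
            thread::spawn(move || {
                for i in 0..per_worker {
                    log.record(&format!("/worker/{w}/req/{i}"));
                }
            })
        })
        .collect();
    for h in handles {
        h.join().expect("worker panicked");
    }
    log.len()
}

/// Single-threaded interior mutability: a hit counter updated through
/// `&self`. `RefCell` panics on an aliasing violation rather than
/// corrupting memory, and it is deliberately `!Send`.
pub struct Cache {
    hits: RefCell<u32>,
}

impl Cache {
    pub fn new() -> Self {
        Cache { hits: RefCell::new(0) }
    }

    /// Increments the counter and returns the new value.
    pub fn touch(&self) -> u32 {
        *self.hits.borrow_mut() += 1;
        *self.hits.borrow()
    }
}

fn main() {
    println!("recorded {} entries", record_concurrently(4, 1000));
    let c = Cache::new();
    c.touch();
    println!("hits: {}", c.touch());
}
```

If `Cache` were ever placed inside `RequestLog`, `assert_send::<RequestLog>()` would stop compiling, which is the point: the fix for a `!Send` field is to change the data structure, not to add an `unsafe impl Send`.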

Fix

Race Condition

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2018-25026
GHSA-7X36-H62W-VW65
GHSA-9QJ6-4RFQ-VM84
GHSA-FGFM-HQJW-3265
GHSA-W65J-G6C7-G3M4
RUSTSEC-2018-0019

Affected Products

Actix-Web