CVE-2020-35711

Name of the Vulnerable Software and Affected Versions arc-swap crate versions prior to 0.4.8 arc-swap crate versions 1.x prior to 1.1.0

Description An issue has been discovered in the arc-swap crate for Rust. Use of arc swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.

Recommendations For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue. For versions 1.x prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider replacing the implementation with one that does not use unsafe, at the cost of added Clone bound on the closure and a small penalty on performance.