PT-2020-17530 · Actix · Actix-Utils

Published 2020-01-08 · Updated 2021-08-25 · CVE-2020-35898

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: actix-utils crate versions prior to 2.0.0

Description: The issue arises from the custom implementation of a Cell primitive in the affected versions of the actix-utils crate, which does not track outstanding mutable references to the underlying data. A caller can therefore obtain multiple mutable references to the same object at once, in violation of Rust's aliasing rules, potentially resulting in arbitrary memory corruption, most likely a use-after-free.

Recommendations: For versions prior to 2.0.0, update to version 2.0.0 or later, which corrects the flaw by switching from a bespoke Cell implementation to Rc<RefCell>.
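The following is an added illustration of the bug class described above and of the fix the advisory names; it is example code written for this page, not the actix-utils crate's own code. The type `UnsoundCell` only sketches the shape of the flaw (handing out `&mut T` from `&self` through `UnsafeCell`, which the compiler cannot police), and it is deliberately never invoked twice. `SharedCell`, its `try_with_mut` helper and the `reentrant_mutation_is_refused` scenario are assumptions made for the example: they show how `Rc<RefCell<T>>` turns the same aliasing attempt into a recoverable `BorrowMutError` instead of a dangling reference.

```rust
use std::cell::{BorrowMutError, RefCell, UnsafeCell};
use std::rc::Rc;

/// Shape of the unsound primitive (illustrative only, not the crate's code).
/// `get_mut` takes `&self` and returns `&mut T`, so two callers can hold live
/// mutable references to the same value. Rust forbids that, and the borrow
/// checker cannot see through `UnsafeCell`, so nothing stops it at compile time.
/// Calling `get_mut` twice while both results are alive is undefined behaviour
/// and is therefore not exercised here.
pub struct UnsoundCell<T> {
    inner: Rc<UnsafeCell<T>>,
}

impl<T> UnsoundCell<T> {
    pub fn new(v: T) -> Self {
        UnsoundCell { inner: Rc::new(UnsafeCell::new(v)) }
    }

    #[allow(clippy::mut_from_ref)]
    pub fn get_mut(&self) -> &mut T {
        // SAFETY: none. This is exactly the missing bookkeeping the advisory describes.
        unsafe { &mut *self.inner.get() }
    }
}

/// Sound replacement in the spirit of the fix: `RefCell` counts live borrows at
/// run time and refuses a second mutable borrow while one is outstanding.
#[derive(Clone)]
pub struct SharedCell<T> {
    inner: Rc<RefCell<T>>,
}

impl<T> SharedCell<T> {
    pub fn new(v: T) -> Self {
        SharedCell { inner: Rc::new(RefCell::new(v)) }
    }

    /// Runs `f` with exclusive access to the value. Returns `Err` instead of
    /// aliasing if another borrow (shared or mutable) is still alive.
    pub fn try_with_mut<R>(&self, f: impl FnOnce(&mut T) -> R) -> Result<R, BorrowMutError> {
        let mut guard = self.inner.try_borrow_mut()?;
        Ok(f(&mut *guard))
    }
}

/// The use-after-free scenario the advisory warns about: one code path holds a
/// mutable borrow of a buffer while a re-entrant path (reached through a clone of
/// the handle) tries to mutate the same buffer. With `UnsoundCell` the nested
/// `clear()` would free the Vec's storage while `outer` still points into it.
/// With `SharedCell` the nested borrow is refused and the outer one completes.
/// Returns (nested_borrow_was_refused, final_len).
pub fn reentrant_mutation_is_refused() -> (bool, usize) {
    let buf = SharedCell::new(vec![1u8, 2, 3]);
    let alias = buf.clone();

    let refused = buf
        .try_with_mut(|outer| {
            // `outer` is live here, so the alias must not get mutable access.
            let nested = alias.try_with_mut(|inner| inner.clear());
            outer.push(4);
            nested.is_err()
        })
        .expect("first mutable borrow succeeds");

    // Once the outer guard is dropped the next borrow succeeds again.
    let len = buf.try_with_mut(|v| v.len()).expect("borrow released");
    (refused, len)
}

/// Sequential (non-overlapping) mutations through two handles are fine: the
/// restriction is only on *simultaneous* mutable access.
pub fn sequential_mutation_succeeds() -> i32 {
    let counter = SharedCell::new(0i32);
    let other = counter.clone();
    counter.try_with_mut(|c| *c += 5).expect("no live borrow");
    other.try_with_mut(|c| *c *= 2).expect("no live borrow");
    counter.try_with_mut(|c| *c).expect("no live borrow")
}

fn main() {
    println!("re-entrant mutation refused: {:?}", reentrant_mutation_is_refused());
    println!("sequential result: {}", sequential_mutation_succeeds());
}
```

`Rc<RefCell<T>>` is single-threaded, which matches the per-thread ownership model the cell was used for; a panic from `borrow_mut()` rather than an `Err` from `try_borrow_mut()` is the same check with a harsher failure mode, and either is preferable to silently aliasing memory.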

Exploit

Fix

Weakness Enumeration

Use After Free

Related Identifiers

CVE-2020-35898
GHSA-HHW2-PQHF-VMX2
RUSTSEC-2020-0045

Affected Products

Actix-Utils