CVE-2020-35910

Name of the Vulnerable Software and Affected Versions lock api versions prior to 0.4.2

Description An issue in the lock api crate for Rust can cause a data race due to unsoundness in certain guard objects. These include MappedMutexGuard, MappedRwLockReadGuard, MappedRwLockWriteGuard, RwLockReadGuard, and RwLockWriteGuard. The unsoundness allows data races through types that are not safe to send across thread boundaries in safe Rust code.

Recommendations For versions prior to 0.4.2, update to version 0.4.2 or later to fix the issue by changing the trait bounds on the Mapped guard types and removing the Sync trait for the RwLock guards. As a temporary workaround, consider restricting the use of the affected guard objects to minimize the risk of exploitation.