PT-2020-17545 · Rust+1 · Lock Api+1
Published: 2020-11-08 · Updated: 2021-08-25
CVE-2020-35913
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
lock_api versions prior to 0.4.2
Description
The issue is related to unsound implementations of the Send or Sync traits for certain guard objects in the lock_api crate, including MappedMutexGuard, MappedRwLockReadGuard, MappedRwLockWriteGuard, RwLockReadGuard, and RwLockWriteGuard. This can lead to data races through types that are not safe to send across thread boundaries in safe Rust code.
Recommendations
For versions prior to 0.4.2, update to version 0.4.2 or later, which fixes the issue by changing the trait bounds on the Mapped guard types and removing the Sync trait for the RwLock guards. As a temporary workaround, consider restricting the use of the vulnerable guard objects until a patch is available.
Fix
Race Condition
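The trait-bound problem described above, shown on a toy guard as an added example (not lock_api's code and not part of the original advisory). ToyMappedGuard, Probe and Fallback are hypothetical names, and the bounds are the generally sound ones for a guard that exposes &T and &mut T, not a copy of the crate's patch.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
use std::rc::Rc;

// Constructed stand-in for a "mapped" lock guard (not lock_api's code).
// The raw pointer suppresses the automatic Send/Sync impls, so the author
// has to write them by hand and choose the bounds.
pub struct ToyMappedGuard<'a, T: ?Sized> {
    data: *mut T,
    _borrow: PhantomData<&'a mut T>,
}

impl<'a, T: ?Sized> ToyMappedGuard<'a, T> {
    pub fn new(data: &'a mut T) -> Self {
        ToyMappedGuard { data: data as *mut T, _borrow: PhantomData }
    }
    pub fn get(&self) -> &T { unsafe { &*self.data } }
    pub fn get_mut(&mut self) -> &mut T { unsafe { &mut *self.data } }
}

// Sound bounds. A shared &guard hands out &T, so Sync needs T: Sync.
// Moving the guard moves exclusive access to T, so Send needs T: Send.
// Omitting either `T:` bound would let safe code race on T.
unsafe impl<T: ?Sized + Sync> Sync for ToyMappedGuard<'_, T> {}
unsafe impl<T: ?Sized + Send> Send for ToyMappedGuard<'_, T> {}

// Compile-time probe: the inherent const is chosen when the bound holds,
// otherwise resolution falls back to the blanket trait's `false`.
trait Fallback { const IS_SEND: bool = false; const IS_SYNC: bool = false; }
impl<T: ?Sized> Fallback for T {}
struct Probe<T: ?Sized>(PhantomData<T>);
impl<T: ?Sized + Send> Probe<T> { const IS_SEND: bool = true; }
impl<T: ?Sized + Sync> Probe<T> { const IS_SYNC: bool = true; }

type G<T> = ToyMappedGuard<'static, T>;
/// (is_send, is_sync) for guards over i32, Cell<i32> and Rc<i32>.
pub fn guard_auto_traits() -> [(bool, bool); 3] {
    [
        (<Probe<G<i32>>>::IS_SEND, <Probe<G<i32>>>::IS_SYNC),
        (<Probe<G<Cell<i32>>>>::IS_SEND, <Probe<G<Cell<i32>>>>::IS_SYNC),
        (<Probe<G<Rc<i32>>>>::IS_SEND, <Probe<G<Rc<i32>>>>::IS_SYNC),
    ]
}

fn main() {
    let mut n = 1;
    let mut g = ToyMappedGuard::new(&mut n);
    *g.get_mut() += 1;
    println!("value = {}, traits = {:?}", g.get(), guard_auto_traits());
}
```

The same probe pattern can be pointed at a project's own guard types in a unit test, so a later change to an `unsafe impl` bound fails the build instead of shipping.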
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Lock Api