CVE-2020-36220

Name of the Vulnerable Software and Affected Versions va-ts crate versions prior to 0.0.4

Description The issue arises from the Demuxer implementation in the va-ts crate, which lacks a required T: Send bound. This omission allows sending a non-Send type T across thread boundaries, potentially causing undefined behavior, such as unlocking a mutex from a thread that didn't lock it, or memory corruption due to data races.

Recommendations For versions prior to 0.0.4, update to version 0.0.4 or later to resolve the issue. As a temporary workaround, consider adding a T: Send bound to the Send impl for Demuxer to prevent sending non-Send types across thread boundaries.