PT-2020-17622 · Rust · Beef

Published 2020-10-28 · Updated 2021-08-25 · CVE-2020-36442

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

beef crate versions prior to 0.5.0

Description

An issue was discovered in the beef crate for Rust: beef::Cow has no Sync bound on its Send trait implementation. This allows users to create data races by making Cow contain types that are (Send && !Sync), such as Cell<_> or RefCell<_>. Such data races can lead to memory corruption.

Recommendations

For versions prior to 0.5.0, update to version 0.5.0 or later, which includes the corrected Send impl for Cow<'_, T, U> with the added trait bounds T: Sync and T::Owned: Send. As a temporary workaround, avoid using Cow with types that are (Send && !Sync) until the issue is resolved.
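
The bound change described above, shown as an added Rust example that is not beef's own code. LooseCow and FixedCow are hypothetical, borrowed-only stand-ins for a pointer-based Cow, the T: Send bound on LooseCow is an assumed shape of the flawed impl, and Probe is a helper that reports at compile time which instantiations are Send.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
use std::sync::atomic::{AtomicU32, Ordering};

// Hypothetical stand-ins, NOT beef's code: a borrowed-only "Cow" that stores a raw
// pointer, so Send is not derived automatically and must be implemented by hand.
#[allow(dead_code)]
pub struct LooseCow<'a, T>(*const T, PhantomData<&'a T>);
pub struct FixedCow<'a, T>(*const T, PhantomData<&'a T>);

// Before (assumed shape of the flaw): T: Send alone admits Cell<_> and RefCell<_>.
unsafe impl<'a, T: Send> Send for LooseCow<'a, T> {}
// After: a shared borrow may cross threads only if T: Sync, the same rule as &T.
unsafe impl<'a, T: Sync> Send for FixedCow<'a, T> {}

impl<'a, T> FixedCow<'a, T> {
    pub fn borrowed(r: &'a T) -> Self {
        FixedCow(r as *const T, PhantomData)
    }
    pub fn get(&self) -> &'a T {
        // SAFETY: the pointer came from a `&'a T`, so it is valid for 'a.
        unsafe { &*self.0 }
    }
}

// Compile-time probe: the inherent const is chosen when the Send bound holds,
// otherwise lookup falls back to the trait default.
#[allow(dead_code)]
struct Probe<T>(PhantomData<T>);
trait Fallback { const IS_SEND: bool = false; }
impl<T> Fallback for Probe<T> {}
impl<T: Send> Probe<T> { const IS_SEND: bool = true; }

pub fn loose_cell_is_send() -> bool { <Probe<LooseCow<'static, Cell<u32>>>>::IS_SEND }
pub fn fixed_cell_is_send() -> bool { <Probe<FixedCow<'static, Cell<u32>>>>::IS_SEND }
pub fn fixed_atomic_is_send() -> bool { <Probe<FixedCow<'static, AtomicU32>>>::IS_SEND }

// A Sync payload still moves to another thread under the corrected bound.
pub fn bump_on_other_thread(counter: &AtomicU32) -> u32 {
    let cow = FixedCow::borrowed(counter);
    std::thread::scope(|s| {
        s.spawn(move || cow.get().fetch_add(1, Ordering::SeqCst) + 1).join().unwrap()
    })
}

fn main() {
    println!("{} {} {}", loose_cell_is_send(), fixed_cell_is_send(), fixed_atomic_is_send());
}
```

With the T: Sync bound, handing a FixedCow over a Cell to another thread is a compile error rather than a latent data race, which is the effect the 0.5.0 bounds have for beef::Cow.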

Fix

Race Condition

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2020-36442
GHSA-M7W4-8WP8-M2XQ
RUSTSEC-2020-0122

Affected Products

Beef