CVE-2020-36456

Name of the Vulnerable Software and Affected Versions toolshed crate through 2020-11-15 for Rust

Description The issue concerns the CopyCell<T> type in the toolshed crate, which lacks bounds on the contained type for the Send trait. This means that even though not all Copyable types are thread-safe, it is possible to send references to types with interior mutability, such as Cell, across threads. This can cause data races, particularly with non-mutable references that implement the Copy trait.

Recommendations For the toolshed crate through 2020-11-15, consider restricting the use of CopyCell<T> to prevent sending references to types with interior mutability across threads until a fix is available. As a temporary workaround, avoid using the CopyCell<T> type for non-thread-safe Copyable types. At the moment, there is no information about a newer version that contains a fix for this vulnerability.