PT-2020-17650 · Rust · Appendix Crate

Published 2020-11-15 · Updated 2021-08-25 · CVE-2020-36469

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: appendix crate through 2020-11-15

Description: The issue concerns the implementation of the Index<K, V> data structure in the appendix crate, which allows any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. This can lead to data races when using types that are not marked as Send or Sync with Index across multiple threads. Additionally, using reference types for the keys or values can cause segmentation faults in the crate's code.

Recommendations: For the appendix crate through 2020-11-15, consider avoiding the use of types that are not marked as Send or Sync with Index to prevent data races. Restrict the use of reference types for keys or values to minimize the risk of segmentation faults. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
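
The unconditional Send/Sync implementation described above, shown next to a bounded form, as an added example (not code from the appendix crate or from this advisory). UnboundedIndex, BoundedIndex and the implements! probe are hypothetical names, and the bounds on the second type are an assumed conservative choice for a map shared between threads.

```rust
use std::{cell::Cell, marker::PhantomData, rc::Rc};

// Hypothetical stand-ins for an Index<K, V>-style container. The PhantomData
// raw pointer plays the role of internal pointers: it makes each struct
// !Send and !Sync by default, so thread safety must be asserted by hand.
pub struct UnboundedIndex<K, V>(PhantomData<*mut (K, V)>);
pub struct BoundedIndex<K, V>(PhantomData<*mut (K, V)>);

// The pattern the advisory describes: no bounds on K or V.
unsafe impl<K, V> Send for UnboundedIndex<K, V> {}
unsafe impl<K, V> Sync for UnboundedIndex<K, V> {}

// Conditional form (assumed conservative bounds for a shared map).
unsafe impl<K: Send, V: Send> Send for BoundedIndex<K, V> {}
unsafe impl<K: Send + Sync, V: Send + Sync> Sync for BoundedIndex<K, V> {}

// Evaluates to true if `$ty: $tr` holds: the inherent const is chosen when
// the bound is met, otherwise lookup falls back to the blanket trait's default.
macro_rules! implements {
    ($ty:ty: $tr:ident) => {{
        trait Fallback { const YES: bool = false; }
        impl<T: ?Sized> Fallback for T {}
        #[allow(dead_code)]
        struct Probe<T: ?Sized>(PhantomData<T>);
        #[allow(dead_code)]
        impl<T: ?Sized + $tr> Probe<T> { const YES: bool = true; }
        <Probe<$ty>>::YES
    }};
}

/// (Send, Sync) for each container with Rc<u8> keys and Cell<u8> values.
pub fn unbounded_with_rc() -> (bool, bool) {
    (implements!(UnboundedIndex<Rc<u8>, Cell<u8>>: Send),
     implements!(UnboundedIndex<Rc<u8>, Cell<u8>>: Sync))
}
pub fn bounded_with_rc() -> (bool, bool) {
    (implements!(BoundedIndex<Rc<u8>, Cell<u8>>: Send),
     implements!(BoundedIndex<Rc<u8>, Cell<u8>>: Sync))
}
/// Thread-safe element types keep the bounded container usable across threads.
pub fn bounded_with_plain() -> (bool, bool) {
    (implements!(BoundedIndex<u64, String>: Send),
     implements!(BoundedIndex<u64, String>: Sync))
}

fn main() {
    println!("unbounded<Rc, Cell>: {:?}", unbounded_with_rc());
    println!("bounded<Rc, Cell>:   {:?}", bounded_with_rc());
    println!("bounded<u64, String>: {:?}", bounded_with_plain());
}
```

With the bounded impls, passing a container of Rc or Cell elements to another thread is rejected at compile time instead of compiling into a data race.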

Exploit

Race Condition


Weakness Enumeration

Related Identifiers

CVE-2020-36469
GHSA-FVHR-7J8M-3CVC
RUSTSEC-2020-0149

Affected Products

Appendix Crate