PT-2024-40924 · Pypi · Pyo3

Published: 2024-10-12 · Updated: 2024-10-12

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.23

Description: The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does not own the value it points to. If the last strong reference was cleared while such a borrowed value was still in use, the borrow would dangle.

Recommendations: For PyO3 versions prior to 0.23, consider updating to version 0.23 or later, as the problematic functions will be removed entirely in that version. In PyO3 version 0.22.4 the functions have been deprecated and patched to leak a strong reference as a mitigation, but it is still recommended to update to a version where these functions are removed.
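The ownership problem the description refers to is not specific to Python weak references, so it can be shown with plain standard-library Rust. The following is an added example, not PyO3 code and not part of the advisory: it uses `std::rc::Weak` in place of a Python weak reference and a constructed `Payload` type in place of the Python object. `read_via_upgrade` is the sound pattern (upgrade to a strong reference for as long as the value is used, and get `None` once the value is gone), while `read_via_leaked_strong` mirrors the 0.22.4 mitigation: the borrow is made safe only by leaking one strong reference, which is why the advisory treats it as a stopgap rather than a fix. Both function names are assumptions for this illustration.

```rust
use std::rc::{Rc, Weak};

/// Stand-in for the Python object behind a weak reference (constructed type).
#[derive(Debug, PartialEq)]
pub struct Payload(pub String);

/// Sound pattern: upgrade the weak reference to a strong `Rc` and read through
/// that. The `Rc` owns the value for the duration of the read, so the borrow
/// cannot dangle; once the last strong reference is gone, `upgrade()` is `None`.
pub fn read_via_upgrade(weak: &Weak<Payload>) -> Option<String> {
    let strong: Rc<Payload> = weak.upgrade()?;
    Some(strong.0.clone())
}

/// Mitigation in the spirit of the 0.22.4 patch: hand out a plain borrow, but
/// keep it sound by leaking one strong reference so the allocation can never be
/// freed. The leaked count is never decremented, which is the cost of this fix.
pub fn read_via_leaked_strong(weak: &Weak<Payload>) -> Option<&Payload> {
    let strong = weak.upgrade()?;
    // into_raw consumes the Rc without decrementing the strong count: a leak.
    let ptr: *const Payload = Rc::into_raw(strong);
    // SAFETY: the strong count was just incremented and is intentionally never
    // decremented again, so the allocation outlives every borrow we hand out.
    Some(unsafe { &*ptr })
}

/// Number of strong references currently keeping the value alive.
pub fn strong_refs(weak: &Weak<Payload>) -> usize {
    Weak::strong_count(weak)
}

fn main() {
    let strong = Rc::new(Payload("example".to_string()));
    let weak = Rc::downgrade(&strong);
    println!("before drop: {:?}", read_via_upgrade(&weak));
    drop(strong);
    println!("after drop:  {:?}", read_via_upgrade(&weak));
}
```

The second test below is the point of the mitigation: after `read_via_leaked_strong`, dropping the original owner still leaves one strong reference, so the borrow stays valid but the memory is never released.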

Related Identifiers

RUSTSEC-2024-0378

Affected Products

Pyo3