RUSTSEC-2020-0130 on 2020-11-12: Bunch<T> unconditionally implements Send/Sync

Affected versions of this crate unconditionally implements Send/Sync for Bunch<T>. This allows users to insert T: !Sync to Bunch<T>. It is possible to create a data race to a T: !Sync by invoking the Bunch::get() API (which returns &T) from multiple threads. It is also possible to send T: !Send to other threads by inserting T inside Bunch<T> and sending Bunch<T> to another thread, allowing to create a data race by inserting types like T = Rc<_>.

Such data races can lead to memory corruption.

CVE-2020-36450

GHSA-jwph-qp5h-f9wj

This crate has no reviews yet. To add a review, set up your cargo-crev.


Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.

To review the actual code of the crate, it's best to use cargo crev open bunch. Alternatively, you can download the tarball of bunch v0.1.0 or view the source online.