RUSTSEC-2020-0139
on 2020-12-09: dces' World type can cause data races
This crate has no reviews yet. To add a review, set up your cargo-crev
.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open dces
. Alternatively, you can download the tarball of dces v0.3.1 or view the source online.
The
World
type indces
is marked asSend
without bounds on itsEntityStore
andComponentStore
.This allows non-thread safe
EntityStore
andComponentStore
s to be sent across threads and cause data races.CVE-2020-36459
GHSA-hxw9-jxqw-jc8j