ID: RUSTSEC-2020-0096 Summary: TreeFocus lacks bounds on its Send and Sync traits Reported: November 9, 2020 Issued: January 18, 2021 Package: im (crates.io) Type: INFO Unsound Categories: thread-safety Aliases: - CVE-2020-36204 - GHSA-q9h2-4xhf-23xx References: - https://github.com/bodil/im-rs/issues/157 CVSS Score: 4.7 (Medium) Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: None Integrity Impact: None Availability Impact: High Patched: >=15.1.0 Unaffected: <12.0.0 Description: - Affected versions of contains that unconditionally implements and . - This allows a data race in safe Rust code if is extracted from type. Typical users that only use type are not affected. Advisory License: CC0-1.0