{"ecosystem":"cargo","package":"futures-util","version":null,"bugs":[{"id":883,"ecosystem":"cargo","package_name":"futures-util","affected_version":"0.3.0","fixed_version":"0.3.2","bug_id":"osv:RUSTSEC-2020-0062","title":"Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption","description":"Affected versions of the crate had an unsound `Sync` implementation on the `FuturesUnordered` structure, which used a `Cell` for\ninterior mutability without any code to handle synchronized access to the underlying task list's length and head safely.\n\nThis could of lead to data corruption since two threads modifying the list at once could see incorrect values due to the lack\nof access synchronization.\n\nThe issue was fixed by adding access synchronization code around insertion of tasks into the list.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/futures-util","labels":["CVE-2020-35908","GHSA-5r9g-j7jj-hw6c"],"created_at":"2026-04-19T04:32:03.436368+00:00","updated_at":"2026-04-19T04:32:03.436368+00:00"},{"id":882,"ecosystem":"cargo","package_name":"futures-util","affected_version":"0.3.2","fixed_version":"0.3.7","bug_id":"osv:RUSTSEC-2020-0059","title":"MutexGuard::map can cause a data race in safe code","description":"Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U.\n\nThis could of led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T.\n\nThe issue was fixed by fixing `Send` and `Sync` implementations, and by adding a `PhantomData<&'a mut U>` marker to the `MappedMutexGuard` type to tell the compiler that the guard is over\nU too.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/futures-util","labels":["CVE-2020-35905","GHSA-rh4w-94hh-9943"],"created_at":"2026-04-19T04:32:03.435935+00:00","updated_at":"2026-04-19T04:32:03.435935+00:00"},{"id":881,"ecosystem":"cargo","package_name":"futures-util","affected_version":"0.3.2","fixed_version":"0.3.7","bug_id":"osv:GHSA-rh4w-94hh-9943","title":"MutexGuard::map can cause a data race in safe code","description":"Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U.\n\nThis could of led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T.\n\nThe issue was fixed by fixing Send and Sync implementations, and by adding a PhantomData<&'a mut U> marker to the MappedMutexGuard type to tell the compiler that the guard is over U too.","severity":"medium","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35905","labels":["CVE-2020-35905","RUSTSEC-2020-0059"],"created_at":"2026-04-19T04:32:03.435452+00:00","updated_at":"2026-04-19T04:32:03.435452+00:00"},{"id":880,"ecosystem":"cargo","package_name":"futures-util","affected_version":"0.3.0","fixed_version":"0.3.2","bug_id":"osv:GHSA-5r9g-j7jj-hw6c","title":"Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption","description":"An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled.","severity":"medium","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35908","labels":["CVE-2020-35908","RUSTSEC-2020-0062"],"created_at":"2026-04-19T04:32:03.434488+00:00","updated_at":"2026-04-19T04:32:03.434488+00:00"}],"total":4,"_cache":"miss"}