GHSA-f27p-cmv8-xhm6: fetch: Authorization headers not dropped when redirecting cross-origin

GHSA-2p95-8xvm-2pjx: REDAXO CMS Cross-site Scripting vulnerability

GHSA-m78c-qx99-mvw9: Grav Cross-site Scripting vulnerability

GHSA-237r-r8m4-4q88: Guzzle OAuth Subscriber has insufficient nonce entropy

GHSA-v6jv-p6r8-j78w: NiceGUI On Air authentication issue

Version 3.0.0 introduced an `AtomicStr` type, that is used to store the current locale. It stores the locale as a raw pointer to an `Arc<String>`. The locale can be read with `AtomicStr::as_str()`. `AtomicStr::as_str()` does not increment the usage counter of the `Arc`.

If the locale is changed in one thread, another thread can have a stale -- possibly already freed -- reference to the stored string.


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-c8v3-jhv9-4ppc

**Use-after-free when setting the locale**

Moderate severity GitHub Reviewed Published Jan 23, 2024 to the GitHub Advisory Database • Updated Jan 23, 2024

**Package**

cargo rust-i18n-support (Rust)

**Affected versions**

\>= 3.0.0, < 3.0.1

Published to the GitHub Advisory Database

Jan 23, 2024

Last updated

Jan 23, 2024

Headline

GHSA-c8v3-jhv9-4ppc: Use-after-free when setting the locale

ghsa: Latest News