Affected versions of this crate unconditionally implemented Send for types used in queue implementations (InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, FutInnerRecv<RW, T>).

This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior.

The flaw was corrected in v0.1.7 by adding T: Send bound to to the Send impl of four data types explained above.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-36214
• abbychau/multiqueue2#10
• https://rustsec.org/advisories/RUSTSEC-2020-0106.html