CVE-2020-36448
Rust vulnerability analysis and mitigation

Overview

A critical vulnerability was discovered in the cache crate for Rust, tracked as CVE-2020-36448. The issue was identified on November 24, 2020, affecting all versions through that date. The vulnerability stems from unconditional implementations of Send and Sync traits for Cache, which impacts thread safety in Rust applications using this crate (RustSec Advisory).

Technical details

The vulnerability arises because the cache crate unconditionally implements Send and Sync for Cache<K>, without trait bounds on K. This allows users to insert types K that are not Send or not Sync. The issue has a CVSS v3.1 score of 8.1 (High), with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high potential impact on confidentiality, integrity, and availability (RustSec Advisory).

Impact

The vulnerability enables the creation of data races through multiple vectors: using non-Send types like Arc<Cell<T>> or Rc<T> as K in Cache<K>, or using types like Cell<T> or RefCell<T> that are Send but not Sync. These data races can potentially lead to memory corruption in affected applications (RustSec Advisory).
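The difference between unconditional and bounded Send/Sync impls can be checked at compile time. The following is an added example, not the cache crate's code: UnboundedCache, BoundedCache, Probe and audit are hypothetical names, and the raw-pointer field is an assumed layout chosen only to switch off the auto traits.

```rust
use std::{cell::Cell, marker::PhantomData, rc::Rc, sync::Arc};

// Hypothetical stand-ins, not the cache crate's real layout. The raw pointer
// field turns off the auto traits, so Send/Sync come only from the impls below.
#[allow(dead_code)]
pub struct UnboundedCache<K>(*mut K);
#[allow(dead_code)]
pub struct BoundedCache<K>(*mut K);

// Pattern the advisory describes: Send/Sync regardless of K.
unsafe impl<K> Send for UnboundedCache<K> {}
unsafe impl<K> Sync for UnboundedCache<K> {}

// Bounded form: the cache is only as thread-safe as K.
unsafe impl<K: Send> Send for BoundedCache<K> {}
unsafe impl<K: Sync> Sync for BoundedCache<K> {}

// Compile-time probe: the inherent consts apply when the bound holds,
// otherwise lookup falls back to the blanket trait's `false` defaults.
trait Fallback {
    const SEND: bool = false;
    const SYNC: bool = false;
}
impl<T: ?Sized> Fallback for T {}
#[allow(dead_code)]
struct Probe<T: ?Sized>(PhantomData<T>);
#[allow(dead_code)]
impl<T: ?Sized + Send> Probe<T> { const SEND: bool = true; }
#[allow(dead_code)]
impl<T: ?Sized + Sync> Probe<T> { const SYNC: bool = true; }

macro_rules! send_sync {
    ($t:ty) => { (<Probe<$t>>::SEND, <Probe<$t>>::SYNC) };
}
macro_rules! row {
    ($k:ty) => {
        (stringify!($k), send_sync!($k), send_sync!(UnboundedCache<$k>), send_sync!(BoundedCache<$k>))
    };
}

type Flags = (bool, bool); // (is Send, is Sync)

/// One row per K: (name, K itself, unbounded wrapper, bounded wrapper).
pub fn audit() -> Vec<(&'static str, Flags, Flags, Flags)> {
    vec![row!(Rc<u8>), row!(Arc<Cell<u8>>), row!(Cell<u8>), row!(String)]
}

fn main() {
    for (k, own, unbounded, bounded) in audit() {
        println!("{k:<16} K={own:?} unbounded={unbounded:?} bounded={bounded:?}");
    }
}
```

With the bounded impls, the wrapper's flags match those of K for every row, so the compiler rejects sharing a cache of Rc or Cell keys across threads.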

Mitigation and workarounds

As of the advisory publication, no patched versions are available for this vulnerability. Users of the cache crate should carefully review their usage of Cache and ensure they are not using it with types that could lead to thread-safety violations (RustSec Advisory).

This report was generated using AI.
