{
  "schema_version": "1.4.0",
  "id": "GHSA-67r5-rqwv-9p9q",
  "modified": "2025-03-31T16:13:34Z",
  "published": "2025-03-31T16:13:34Z",
  "aliases": [],
  "summary": "array-init-cursor is unsound when used with types that implement `Drop`",
  "details": "The `Drop` implementation will get run twice when using the cursor.\n\nThis issue does not affect you, if you are using only using the crate with types that are `Copy` such as `u8`.\n\nThis issue also does not affect you, if you are only depending on it through the crate `planus`.",
  "severity": [
    {
      "type": "CVSS_V4",
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "array-init-cursor"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/planus-org/planus/issues/293"
    },
    {
      "type": "WEB",
      "url": "https://github.com/planus-org/planus/pull/294"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/planus-org/planus"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0019.html"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-31T16:13:34Z",
    "nvd_published_at": null
  }
}