What is GHSA-w65j-g6c7-g3m4?

GHSA-w65j-g6c7-g3m4 is a security advisory published by GitHub Security Advisories with Medium severity. Multiple memory safety issues in actix-web

Why does GHSA-w65j-g6c7-g3m4 have no CVE ID yet?

GitHub Security Advisories published this advisory directly to customers before NVD assigned a CVE ID. This is the embargo-window disclosure pattern — vendors notify customers on day 0; NVD's public record follows days to weeks later.

Which products are affected by GHSA-w65j-g6c7-g3m4?

GHSA-w65j-g6c7-g3m4 affects 1 product, including: rust/actix-web:\u003c 0.7.19.

GHSA-w65j-g6c7-g3m4MediumDisclosed before NVD

Multiple memory safety issues in actix-web

Vendor

GitHub Security Advisories

Published

August 25, 2021

Last Modified

June 9, 2026

📋 Description

Affected versions contain multiple memory safety issues, such as:

Unsoundly coercing immutable references to mutable references
Unsoundly extending lifetimes of strings
Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A signficant refactoring effort has been conducted to resolve these issues.

🎯 Affected products1

rust/actix-web:< 0.7.19

🔗 References (3)

https://github.com/actix/actix-web/issues/289
https://rustsec.org/advisories/RUSTSEC-2018-0019.html
https://github.com/advisories/GHSA-w65j-g6c7-g3m4