```toml
[advisory]
id = "RUSTSEC-2018-0019"
package = "actix-web"
categories = ["memory-corruption"]
date = "2018-06-08"
url = "https://github.com/actix/actix-web/issues/289"
aliases = ["CVE-2018-25024", "CVE-2018-25025", "CVE-2018-25026", "GHSA-7x36-h62w-vw65", "GHSA-9qj6-4rfq-vm84", "GHSA-fgfm-hqjw-3265", "GHSA-w65j-g6c7-g3m4"]

[versions]
patched = [">= 0.7.15"]
```

# Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as:

 - Unsoundly coercing immutable references to mutable references
 - Unsoundly extending lifetimes of strings
 - Adding the `Send` marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.
 
A significant refactoring effort has been conducted to resolve these issues.