```toml
[advisory]
id = "RUSTSEC-2020-0139"
package = "dces"
date = "2020-12-09"
url = "https://gitlab.redox-os.org/redox-os/dces-rust/-/issues/8"
categories = ["memory-corruption", "thread-safety"]
keywords = ["concurrency"]
aliases = ["CVE-2020-36459", "GHSA-hxw9-jxqw-jc8j"]
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"

[versions]
patched = []
```

# dces' World type can cause data races

The `World` type in `dces` is marked as `Send` without bounds on its
`EntityStore` and `ComponentStore`.

This allows non-thread safe `EntityStore` and `ComponentStore`s to be sent
across threads and cause data races.