medium severity
new
- Vulnerable module: @tootallnate/once
- Introduced through: @google-cloud/common@5.0.2 and firebase-admin@12.7.0
Detailed paths
- Introduced through: @google-cloud/debug-agent@GoogleCloudPlatform/cloud-debug-nodejs#10f202ba8b6efc67651fe066040cb19578673249 › @google-cloud/common@5.0.2 › teeny-request@9.0.0 › http-proxy-agent@5.0.0 › @tootallnate/once@2.0.0
- Introduced through: @google-cloud/debug-agent@GoogleCloudPlatform/cloud-debug-nodejs#10f202ba8b6efc67651fe066040cb19578673249 › @google-cloud/common@5.0.2 › retry-request@7.0.2 › teeny-request@9.0.0 › http-proxy-agent@5.0.0 › @tootallnate/once@2.0.0
- Introduced through: @google-cloud/debug-agent@GoogleCloudPlatform/cloud-debug-nodejs#10f202ba8b6efc67651fe066040cb19578673249 › firebase-admin@12.7.0 › @google-cloud/storage@7.19.0 › teeny-request@9.0.0 › http-proxy-agent@5.0.0 › @tootallnate/once@2.0.0
- Introduced through: @google-cloud/debug-agent@GoogleCloudPlatform/cloud-debug-nodejs#10f202ba8b6efc67651fe066040cb19578673249 › firebase-admin@12.7.0 › @google-cloud/storage@7.19.0 › retry-request@7.0.2 › teeny-request@9.0.0 › http-proxy-agent@5.0.0 › @tootallnate/once@2.0.0
- Introduced through: @google-cloud/debug-agent@GoogleCloudPlatform/cloud-debug-nodejs#10f202ba8b6efc67651fe066040cb19578673249 › firebase-admin@12.7.0 › @google-cloud/firestore@7.11.6 › google-gax@4.6.1 › retry-request@7.0.2 › teeny-request@9.0.0 › http-proxy-agent@5.0.0 › @tootallnate/once@2.0.0
Overview
Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolution when the AbortSignal option is used. The Promise remains permanently pending after the signal is aborted, so any await or .then() on it hangs indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.
Remediation
Upgrade @tootallnate/once to version 3.0.1 or higher.