Vulnerabilities

 1 via 3 paths

Dependencies

 105

Source

 GitHub

Commit

 e0487ea7

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Incorrect Control Flow Scoping

  • Vulnerable module: @tootallnate/once
  • Introduced through: @google-cloud/bigquery@8.2.0

Detailed paths

  • Introduced through: promotime@JustinBeckwith/promotime#e0487ea7e26a23ffc456a76f3eae9cd54ded48ba @google-cloud/bigquery@8.2.0 teeny-request@10.1.0 http-proxy-agent@5.0.0 @tootallnate/once@2.0.0
  • Introduced through: promotime@JustinBeckwith/promotime#e0487ea7e26a23ffc456a76f3eae9cd54ded48ba @google-cloud/bigquery@8.2.0 @google-cloud/common@6.0.0 teeny-request@10.1.0 http-proxy-agent@5.0.0 @tootallnate/once@2.0.0
  • Introduced through: promotime@JustinBeckwith/promotime#e0487ea7e26a23ffc456a76f3eae9cd54ded48ba @google-cloud/bigquery@8.2.0 @google-cloud/common@6.0.0 retry-request@8.0.2 teeny-request@10.1.0 http-proxy-agent@5.0.0 @tootallnate/once@2.0.0

Overview

Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.

Remediation

Upgrade @tootallnate/once to version 3.0.1 or higher.

References

Incorrect Control Flow Scoping vulnerability report