Vulnerabilities

 1 via 2 paths

Dependencies

 86

Source

 GitHub

Commit

 f2eae901

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Incorrect Control Flow Scoping

  • Vulnerable module: @tootallnate/once
  • Introduced through: @google-cloud/storage@7.19.0

Detailed paths

  • Introduced through: @parse/gcs-files-adapter@parse-community/parse-server-gcs-adapter#f2eae901511f720df9ea64397c4b23e1498f3fe7 @google-cloud/storage@7.19.0 teeny-request@9.0.0 http-proxy-agent@5.0.0 @tootallnate/once@2.0.0
  • Introduced through: @parse/gcs-files-adapter@parse-community/parse-server-gcs-adapter#f2eae901511f720df9ea64397c4b23e1498f3fe7 @google-cloud/storage@7.19.0 retry-request@7.0.2 teeny-request@9.0.0 http-proxy-agent@5.0.0 @tootallnate/once@2.0.0

Overview

Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.

Remediation

Upgrade @tootallnate/once to version 3.0.1 or higher.

References

Incorrect Control Flow Scoping vulnerability report