Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
控制流范围控制不正确
Vulnerability Title
@tootallnate/once 安全漏洞
Vulnerability Description
@tootallnate/once是Nathan Rajlich个人开发者的一个JavaScript代码库。 @tootallnate/once 3.0.1之前版本存在安全漏洞,该漏洞源于使用AbortSignal选项时,Promise解析存在控制流作用域错误,信号中止后Promise保持永久挂起状态,导致任何await或.then()使用无限期挂起,这可能引起控制流泄漏,导致请求停滞、工作线程阻塞或应用程序可用性降低。
CVSS Information
N/A
Vulnerability Type
N/A