CVE-2026-3449 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. Th…
Medium CVSS: 4.8

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.
Vendor
-
Product
-
CWE
CWE-705
Yayın Tarihi
2026-03-03 05:17:25
Güncelleme
2026-03-03 21:52:29
Source Identifier
report@snyk.io
KEV Date Added
-

Kategoriler

CWE-705 MEDIUM 2026

Referanslar

https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a https://github.com/TooTallNate/once/issues/8 https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612