Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-41167
HistoryOct 20, 2021 - 7:15 p.m.

CVE-2021-41167

2021-10-2019:15:07
Google
osv.dev
6
modern-async
javascript
library
bug
security
issues
async/await
promises

EPSS

0.002

Percentile

64.6%

JSON

modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they don’t. Any code calling these functions will be written thinking they would limit the concurrency but they won’t. This could lead to potential security issues in other projects. The problem has been patched in 1.0.4. There is no workaround.

Related

osv 1
github 1
veracode 1
prion 1
nvd 1
cvelist 1
cve 1
osv
osv
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
2021-10-21 17:49:30
github
github
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
2021-10-21 17:49:30
veracode
veracode
Denial Of Service (DoS)
2021-10-21 05:10:32
prion
prion
Code injection
2021-10-20 19:15:00
nvd
nvd
CVE-2021-41167
2021-10-20 19:15:07
cvelist
cvelist
CVE-2021-41167 Unlimited requests in modern-async
2021-10-20 18:25:12
cve
cve
CVE-2021-41167
2021-10-20 19:15:07

EPSS

0.002

Percentile

64.6%

JSON
Related for OSV:CVE-2021-41167
osv1github1veracode1prion1nvd1cvelist1cve1