3 matches found
CVE-2026-3449 vulnerabilities
Vulnerabilities for packages: argo-workflows, langfuse, prism, code-server, opensearch-dashboards, sqlpad, tileserver-gl, vitess, kubeflow-pipelines...
CVE-2026-3449
A flaw was found in @tootallnate/once. When the AbortSignal option is used, a Promise can remain in a permanently pending state after the signal is aborted. This incorrect control flow scoping can lead to stalled requests, blocked workers, or degraded application availability. Mitigation Mitigati...
-fides-amor-et-lux (=1.0.0), -react-file-list-components (=1.1.1) +47195 more potentially affected by CVE-2026-3449 via @tootallnate/once (>=1.1.2 <=2.0.0)
@tootallnate/once NPM version =1.1.2, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and more...