2 matches found
@bitsocial/ai-moderation-challenge (>=0.1.0 <=0.1.1), @bitsocial/bitsocial-cli (>=0.19.44 <=0.19.71) +6 more potentially affected by CVE-2026-46679 via @libp2p/gossipsub (>=15.0.0-049bfa0fa <=15.0.23-3574648c3)
@libp2p/gossipsub NPM version =15.0.0-049bfa0fa, =0.1.0, =0.19.44, =0.1.0, =0.1.0, =0.1.0, =6.0.0-049bfa0fa, =9.0.0-049bfa0fa, =0.0.17, =0.0.45 Source cves: CVE-2026-46679 Source advisory: SNYK:JS-LIBP2PGOSSIPSUB-16798774...
Missing Release of Memory after Effective Lifetime
Overview @libp2p/gossipsub is an A typescript implementation of gossipsub Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through unbounded growth of the topics data structure when processing subscription requests. An attacker can exhaust...