14 matches found
ROOT-APP-NPM-CVE-2026-3449 CVE-2026-3449 in @rootio/tootallnate__once - Patched by Root
Root has patched CVE-2026-3449 in the @rootio/tootallnateonce package for Root:npm. Multiple fixed versions available...
Fedora 42 : python-jupytext (2026-793b55138d)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-793b55138d advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...
SUSE CVE-2026-3449
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
@tootallnate/once vulnerable to Incorrect Control Flow Scoping
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
-fides-amor-et-lux (=1.0.0), -react-file-list-components (=1.1.1) +47195 more potentially affected by CVE-2026-3449 via @tootallnate/once (>=1.1.2 <=2.0.0)
@tootallnate/once NPM version =1.1.2, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and more...
GHSA-VPQ2-C234-7XJ6 @tootallnate/once vulnerable to Incorrect Control Flow Scoping
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
CVE-2026-3449
The CVE-2026-3449 entry concerns the package @tootallnate/once (versions before 3.0.1). Affected component: promise resolution flow when using the AbortSignal option, described as Incorrect Control Flow Scoping . Root cause: promise resolves in a way that leaves the Promise permanently pending af...
CVE-2026-3449
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
CVE-2026-3449
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
CVE-2026-3449
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
PT-2026-22719
Name of the Vulnerable Software and Affected Versions @tootallnate/once versions prior to 3.0.1 Description The package @tootallnate/once versions prior to 3.0.1 are susceptible to an issue with incorrect control flow scoping in promise resolving when the AbortSignal option is utilized. When the...
@activepieces/piece-snowflake (>=0.2.1 <=0.3.0), @bhanu17/nextjs-starter (>=1.2.0 <=2.2.14) +92 more potentially affected by CVE-2026-3449 via @tootallnate/once (=2.0.0)
@tootallnate/once NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @tootallnate/once and may be impacted: - @activepieces/piece-snowflake =0.2.1, =1.2.0, =0.0.18, =0.2.0, =0.0.6, =0.0.1, =50.32.5-depup.0, =0.6.0, =0.4.2, =0.1.10,...
Incorrect Control Flow Scoping
Overview Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This can cause a...
TooTallNate proxy-agents 安全漏洞
TooTallNate proxy-agents is a collection of various Node.js HTTP proxy implementations. A security vulnerability exists in TooTallNate proxy-agents, which stems from the use of undefined variables to raise a TypeError exception. A remote attacker can exploit this vulnerability to trigger a denial...