SNYK-JS-TOOTALLNATEONCE-15250612
## Overview Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolving when `AbortSignal` option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any `await` or `.then()` usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability. ## Remediation Upgrade `@tootallnate/once` to version 3.0.1 or higher. ## References - [GitHub Commit](https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a) - [GitHub Issue](https://github.com/TooTallNate/once/issues/8)
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0 |
Timeline
- Feb 2, 2026 CVE Updated
- Mar 2, 2026 CVE Published