modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
- Severity:
- High
Description
This is a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they don’t. Any code calling these functions will be written thinking they would limit the concurrency but they won’t. This could lead to potential security issues in other projects.
Recommendation
Update the modern-async package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.0.4
- Patched version(s): 1.0.4
References
Related Issues
- Insecure random number generation in keypair - CVE-2021-41117
- Vite's `server.fs.deny` did not deny requests for patterns with directories. - CVE-2024-31207
- Prototype Pollution in async - CVE-2021-43138
- When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id - CVE-2023-35167
- Tags:
- npm
- modern-async
Anything's wrong? Let us know Last updated on January 27, 2023