modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
- Severity: High
Description
This is a bug affecting two of the functions in this library: `forEachSeries` and `forEachLimit`. They should limit the concurrency of some actions but, in practice, they don't. Any code calling these functions will have been written on the assumption that they limit concurrency, but they do not. This could lead to security issues in other projects.
Recommendation
Update the modern-async package to the latest compatible version. Version details:
- Affected version(s): < 1.0.4
- Patched version(s): 1.0.4
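To check that an installed version actually enforces the limit, a probe can record how many iteratee calls are in flight at once. This is an added example, not code from modern-async or from this advisory; `limitedForEach` and `unboundedForEach` are constructed stand-ins, and the probe assumes the function under test is called as `(iterable, iteratee, concurrency)`.

```javascript
// Added example: measures the peak number of concurrently pending iteratee calls.
// limitedForEach and unboundedForEach are constructed stand-ins, not modern-async code.

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Runs forEachFn(items, iteratee, limit) and returns the highest number of
// iteratee calls that were pending at the same moment.
async function measurePeakConcurrency(forEachFn, items, limit) {
  let inFlight = 0;
  let peak = 0;
  await forEachFn(items, async () => {
    inFlight += 1;
    peak = Math.max(peak, inFlight);
    await sleep(5); // stands in for a network request or other slow action
    inFlight -= 1;
  }, limit);
  return peak;
}

// Constructed reference: `limit` workers pull items from one shared iterator,
// so at most `limit` iteratee calls can be pending.
async function limitedForEach(items, iteratee, limit) {
  const it = items[Symbol.iterator]();
  let index = 0;
  const worker = async () => {
    for (let next = it.next(); !next.done; next = it.next()) {
      await iteratee(next.value, index++);
    }
  };
  await Promise.all(Array.from({ length: limit }, worker));
}

// Constructed failure mode: accepts a limit but starts every call at once.
async function unboundedForEach(items, iteratee, _limit) {
  await Promise.all([...items].map((value, i) => iteratee(value, i)));
}

// Runs the probe against both stand-ins with 20 items and a limit of 3.
async function demo() {
  const items = Array.from({ length: 20 }, (_, i) => i);
  return {
    limited: await measurePeakConcurrency(limitedForEach, items, 3),
    unbounded: await measurePeakConcurrency(unboundedForEach, items, 3),
  };
}
```

Passing the installed package's `forEachLimit` as `forEachFn` should return a peak no greater than the limit; `forEachSeries` can be wrapped as `(items, fn) => forEachSeries(items, fn)` and should return a peak of 1.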
Related Issues
- Websites were able to send any requests to the development server and read the response in vite - CVE-2025-24010
- Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - CVE-2023-45133
- Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc - CVE-2025-24981
- Vega Expression Language `scale` expression function Cross Site Scripting (GHSA-4vq7-882g-wcg4) - CVE-2023-26486
- Tags: npm, modern-async
Last updated on January 27, 2023