From 8028b7b5bf57957bba932180d2c8ebd6329b9733 Mon Sep 17 00:00:00 2001
From: tuanaiseo
Date: Tue, 7 Apr 2026 06:32:55 +0700
Subject: [PATCH] fix(security)(utils): unbounded async queue key growth can cause memory

`actions` stores promises by arbitrary `key` and never deletes completed entries. Repeated unique keys (especially attacker-controlled) can grow memory indefinitely, enabling a denial-of-service condition in long-lived processes.

Affected files: async-queue.js

Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
---
 src/utils/async-queue.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/utils/async-queue.js b/src/utils/async-queue.js
index 3e1d24995e5..f8a740417fc 100644
--- a/src/utils/async-queue.js
+++ b/src/utils/async-queue.js
@@ -6,8 +6,14 @@ export function isInQueue (key) {
 
 export function addToQueue (key, asyncAction) {
 const action = actions[key] || Promise.resolve();
+ const nextAction = action.then(() => asyncAction());
 
- actions[key] = action.then(() => asyncAction());
+ actions[key] = nextAction;
 
- return actions[key];
+ nextAction.finally(() => {
+ if (actions[key] === nextAction)
+ delete actions[key];
+ });
+
+ return nextAction;
 }
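Review bot: The promise returned by `nextAction.finally(...)` in `addToQueue` is discarded, so when `asyncAction` rejects, that derived promise rejects with no handler attached, even if the caller handles the returned `nextAction`. On Node versions where unhandled rejections are fatal by default, a single failing action could then terminate the process unless the project installs its own `unhandledRejection` handler, which would be a worse availability outcome than the leak this commit closes. Terminate the cleanup chain explicitly, e.g. `nextAction.finally(cleanup).catch(() => {});` or `nextAction.then(cleanup, cleanup);`, with the identity-checked `delete` moved into `cleanup`. Separately, `actions` is declared outside this hunk; if it is a plain object literal, keys such as `constructor` resolve to inherited properties and bypass the `|| Promise.resolve()` fallback, so a `Map` would be the safer store if keys can really be attacker-influenced as the description says.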