mixpanel-node
import_batch execution leak vulnerability
There is an execution leak issue associated with the import_batch function. It appears to have been reported for a few years, and it does indeed seem to exist.
It can be replicated with the following script. The leak is detected when a new invocation is triggered before an initial invocation has completed.
var Mixpanel = require('mixpanel');
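/**
 * Reproduction handler for the reported import_batch "execution leak".
 *
 * The shape (exports.handler, an (event, context) pair and
 * context.callbackWaitsForEmptyEventLoop) appears to be an AWS Lambda
 * Node.js handler. It deliberately keeps the behaviour from the report:
 * the batch import is started but not awaited, so the handler can resolve
 * while the import is still running.
 *
 * @param {object} event - Invocation payload; not read by this script.
 * @param {object} context - Runtime context; only
 *   callbackWaitsForEmptyEventLoop is set on it.
 * @returns {Promise<undefined>} Resolves as soon as import_batch has been
 *   called, not when the import has finished.
 */
exports.handler = async (event, context) => {
  // With this set to false the runtime is told not to wait for pending
  // event-loop work once the handler resolves. Together with the un-awaited
  // call below, unfinished work can be left behind when the handler returns.
  context.callbackWaitsForEmptyEventLoop = false;

  // import an old event
  // 'token' and 'secret' are placeholders for the repro. The original
  // snippet was missing the opening quote on 'token' and did not parse.
  // Real credentials should come from the environment or a secret store,
  // never from source.
  const mixpanel_importer = Mixpanel.init('token', {
    secret: 'secret',
  });
  // NOTE(review): confirm what debug mode logs before enabling it anywhere
  // logs are shared; the request carries event properties.
  mixpanel_importer.set_config({ debug: true });

  // import multiple events at once
  // The call is not awaited and has no completion callback, so nothing here
  // waits for the import or observes its errors. This is the condition the
  // report describes: a new invocation starts before the previous one has
  // completed.
  // NOTE(review): the usual remedy is to pass import_batch a completion
  // callback, wrap it in a Promise and await it before returning, so that
  // no work or data from one invocation carries over into the next.
  mixpanel_importer.import_batch([
    {
      event: 'old event',
      properties: {
        // Date months are 0-indexed: 4 is May.
        time: new Date(2012, 4, 20, 12, 34, 56),
        distinct_id: 'billybob',
        gender: 'male',
      },
    },
    {
      event: 'another old event',
      properties: {
        time: new Date(2012, 4, 21, 11, 33, 55),
        distinct_id: 'billybob',
        color: 'red',
      },
    },
  ]);
};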