Race Condition Affecting @genkit-ai/core package, versions <0.9.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-JS-GENKITAICORE-12671226
- published17 Sept 2025
- disclosed1 May 2025
- creditUnknown
Introduced: 1 May 2025
CVE NOT AVAILABLE CWE-362 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade @genkit-ai/core to version 0.9.1 or higher.
Overview
@genkit-ai/core is a Genkit AI framework core libraries.
Affected versions of this package are vulnerable to Race Condition via the asynchronous user engagement collection in the appendSpan and collectUserEngagement methods, where calls were not correctly awaited. Improper handling of asynchronous functions can lead to unexpected behavior or data inconsistencies during user engagement tracking.