F-2025-0023 · configuration
Missing HTTP request timeouts across modules in widgets
TL;DR
Beyond the SKIP API clients (L-17), other HTTP client paths in the widget similarly lacked request timeouts, leaving multiple flows vulnerable to slow-upstream stalls.
Severity: LOW
Impact: LOW
Likelihood: MEDIUM
Method: Manual review
Complexity: LOW
Exploitability: LOW
Description
Multiple HTTP client paths across the widget (beyond the SKIP API specifically) lacked request timeouts. A slow upstream on any of these paths could stall the widget flow.
Recommendation
Centralize HTTP client construction and apply a sensible default timeout to every client. Audit individual call sites for any that override or disable the default.
Initia: Acknowledged. Pashov Audit Group: Acknowledged.
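One way to implement the recommendation, as an added example that is not the widget's or the auditors' code. It assumes the widget issues requests with `fetch` from JavaScript; `createHttpClient`, `resolveTimeout`, the two constants and their values are hypothetical names and numbers chosen for illustration.

```javascript
// Added example: all names and values below are assumptions, not the project's own.
const DEFAULT_TIMEOUT_MS = 10000; // assumed default, tune per upstream
const MAX_TIMEOUT_MS = 60000;     // assumed ceiling for per-call overrides

// Normalize an override so that no call site can disable the timeout:
// 0, negative, Infinity, NaN and null are rejected, large values are capped.
function resolveTimeout(override, fallback = DEFAULT_TIMEOUT_MS) {
  if (override === undefined) return fallback;
  if (!Number.isFinite(override) || override <= 0) {
    throw new RangeError(`timeoutMs must be a positive finite number, got ${override}`);
  }
  return Math.min(override, MAX_TIMEOUT_MS);
}

// Single construction point: every module obtains its request function here.
function createHttpClient({ baseUrl, timeoutMs, fetchImpl = globalThis.fetch } = {}) {
  const clientTimeout = resolveTimeout(timeoutMs);
  return async function request(path, { timeoutMs: perCall, signal, ...init } = {}) {
    const ms = resolveTimeout(perCall, clientTimeout);
    const controller = new AbortController();
    // Honor a caller-supplied signal (for example a cancelled flow) as well as the timer.
    const onAbort = () => controller.abort(signal.reason);
    if (signal) {
      if (signal.aborted) controller.abort(signal.reason);
      else signal.addEventListener("abort", onAbort, { once: true });
    }
    const timer = setTimeout(
      () => controller.abort(new Error(`request timed out after ${ms} ms`)), ms);
    try {
      return await fetchImpl(new URL(path, baseUrl), { ...init, signal: controller.signal });
    } finally {
      clearTimeout(timer);
      if (signal) signal.removeEventListener("abort", onAbort);
    }
  };
}
```

The timer here bounds the wait for response headers only; reading a slow response body needs its own bound. When auditing call sites, any direct `fetch` call that bypasses the factory is the pattern to look for.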