Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Immer
(Immer_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-19 | CVE-2020-28477 | This affects all versions of package immer. | Immer | N/A | ||
| 2021-09-01 | CVE-2021-23436 | This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type. | Immer | 9.8 | ||
| 2021-09-02 | CVE-2021-3757 | immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | Immer | 9.8 |