EUVD-2026-1969

Malicious code in immer-js npm...

MAL-2026-223 Malicious code in immer-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc0710eb5a0ad9d9eb01cbd2d6f7c1b9cc39b07636d82a05f2cafdf953756bd The package immer-js was found to contain malicious code. Source: ghsa-malware 920c7d161c9e90ea35c168d53dd01e0920704e5f35e76d330fac6fb3c0a2cb87 Any...

Malicious Package

Overview immer-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in immer-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc0710eb5a0ad9d9eb01cbd2d6f7c1b9cc39b07636d82a05f2cafdf953756bd The package immer-js was found to contain malicious code. Source: ghsa-malware 920c7d161c9e90ea35c168d53dd01e0920704e5f35e76d330fac6fb3c0a2cb87 Any...

EUVD-2021-0500

Malware in sbrugna...

EUVD-2021-1957

Malware in sbrugna...

immer-unter-strom.de Improper Access Control vulnerability OBB-3819124

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE CVE-2020-28477

This affects all versions of package immer...

immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477

A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could execute arbitrary code on the system...

Security Bulletin: IBM App Connect Enterprise Certified Container Designers may be vulnerable to arbitrary code execution via CVE-2021-3757

Summary IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution via CVE-2021-3757. This only affects App Connect Designers Vulnerability Details CVEID: CVE-2021-3757 DESCRIPTION: Node.js immer module could allow a remote attacker to execute arbitrary code on t...

-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38749 more potentially affected by CVE-2021-3757 via immer (>=7.0.0 <=9.0.5)

immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...

GHSA-C36V-FMGQ-M8HX Prototype Pollution in immer

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

Prototype Pollution in immer

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

Prototype Pollution

immer is vulnerable prototype pollution. The vulnerability was introduced by the fix provided for CVE-2020-28477 which allows insecure modification of Object Prototype Attributes...

CVE-2021-3757

A flaw was found in immer when manipulates object attributes such as proto, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a...

GHSA-33F9-J839-RF8H Prototype Pollution in immer

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

Prototype Pollution in immer

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38749 more potentially affected by CVE-2021-23436 via immer (>=7.0.0 <=9.0.5)

immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...

CVE-2021-3757

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

CVE-2021-3757

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...