9 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-1957

Malware in sbrugna...

CVSS 9.8 | AI score 8.1 | EPSS 0.00546
Exploits: 1 | References: 7

vulnersOsv
added 2021/09/07 10:57 p.m. | 2 views

-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38749 more potentially affected by CVE-2021-3757 via immer (>=7.0.0 <=9.0.5)

immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...

CVSS 9.8 | AI score 7.1 | EPSS 0.00451
Exploits: 1

OSV
added 2021/09/02 5:17 p.m. | 1 view

GHSA-33F9-J839-RF8H Prototype Pollution in immer

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

CVSS 9.8 | AI score 7.1 | EPSS 0.00546
Exploits: 1 | References: 5

ATTACKERKB
added 2021/09/01 5:28 p.m. | 2 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

CVSS 9.8 | AI score 5.5 | EPSS 0.00546
Exploits: 2 | References: 4

vulnersOsv
added 2021/08/12 5:14 p.m. | 2 views

-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38749 more potentially affected by CVE-2020-28477 +1 more via immer (>=7.0.0 <=9.0.5)

immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...

CVSS 9.8 | AI score 7.1 | EPSS 0.00546
Exploits: 2

Snyk
added 2021/08/12 5:14 p.m. | 1 view

Prototype Pollution

Overview: immer is a package that allows you to create your next immutable state by mutating the current one. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path...

CVSS 9.8 | AI score 8.5 | EPSS 0.00546
Exploits: 2 | References: 2

vulnersOsv
added 2021/01/20 9:27 p.m. | 1 view

0i0 (=1.0.10), @1productaweek/react-stately (>=0.1.1 <=0.1.7) +1068 more potentially affected by CVE-2020-28477 via immer (>=7.0.0 <=8.0.0)

immer NPM version =7.0.0, =0.1.1, =0.1.0, =0.0.3-alpha.52, =0.0.10, =0.0.1, =0.1.0, =0.1.1, =0.97.1-20210526212817, =0.1.0, =2.3.1, =1.0.59, =4.4.2, =4.5.9 and more Source cves: CVE-2020-28477 Source advisory: OSV:GHSA-9QMH-276G-X5PJ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00287
Exploits: 1

Snyk
added 2020/10/18 2:20 p.m. | 4 views

Prototype Pollution

Overview: immer is a package that allows you to create your next immutable state by mutating the current one. Affected versions of this package are vulnerable to Prototype Pollution. PoC: const {applyPatches, enablePatches} = require("immer"); enablePatches(); let obj = {}; console.log("Before : " +...

CVSS 7.5 | AI score 8.4 | EPSS 0.00287
Exploits: 1 | References: 2

vulnersOsv
added 2020/10/18 2:20 p.m. | 2 views

0i0 (=1.0.10), @1productaweek/react-stately (>=0.1.1 <=0.1.7) +1068 more potentially affected by CVE-2020-28477 via immer (>=7.0.0 <=8.0.0)

immer NPM version =7.0.0, =0.1.1, =0.1.0, =0.0.3-alpha.52, =0.0.10, =0.0.1, =0.1.0, =0.1.1, =0.97.1-20210526212817, =0.1.0, =2.3.1, =1.0.59, =4.4.2, =4.5.9 and more Source cves: CVE-2020-28477 Source advisory: SNYK:JS-IMMER-1019369...

CVSS 7.5 | AI score 7.1 | EPSS 0.00287
Exploits: 1