56 matches found
Code injection
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
CVE-2021-3757 Prototype Pollution in immerjs/immer
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
Prototype Pollution
immer is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
Immer Code Issue Vulnerability
Immer is a JavaScript-based state management library from the Immer community. A code issue vulnerability exists in Immer that stems from the product's susceptibility to improper control of object prototype properties. The vulnerability can be exploited by an attacker to cause information...
PT-2021-21717 · Immer · Immer
Name of the Vulnerable Software and Affected Versions: immer affected versions not specified Description: The issue is related to Improperly Controlled Modification of Object Prototype Attributes, also known as 'Prototype Pollution'. This means that an attacker could potentially modify the...
CVE-2021-23436
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...
Type confusion
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...
CVE-2021-23436
CVE-2021-23436 affects the immer package prior to 9.0.6. A prototype pollution/type confusion flaw can bypass CVE-2020-28477 when user-provided path keys are arrays, because the check for __proto__/constructor in applyPatches_ fails for ['__proto__'] (or ['constructor']). This may enable remote code ex...
CVE-2021-23436 Prototype Pollution
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...
Immer Security Vulnerability
Immer is a JavaScript-based state management library from the Immer community. A security vulnerability exists in immer versions prior to 9.0.6: when the user-supplied keys used in the path parameter are arrays, this could lead to a bypass of CVE-2020-28477...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38843 more potentially affected by CVE-2020-28477 +1 more via immer (>=7.0.0 <=9.0.5)
immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...
Prototype Pollution
Overview immer is a package that allows you to create your next immutable state by mutating the current one. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path...
Security Bulletin: IBM App Connect Enterprise Certified Container Designer Authoring components may be vulnerable to a denial of service attack (CVE-2020-28477)
Summary A Designer Authoring component in App Connect Enterprise Certified Container may be vulnerable to a denial of service vulnerability due to a prototype pollution vulnerability in one of the UI's dependencies Vulnerability Details CVEID: CVE-2020-28477 DESCRIPTION: Node.js immer module is...
RHEL 8 : RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, (Moderate) (RHSA-2021:1169)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1169 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...
nodejs-immer: prototype pollution may lead to DoS or remote code execution
This affects all versions of package immer...
Prototype Pollution
Overview Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit const {applyPatches, enablePatches} = require("immer"); enablePatches(); let obj = {}; console.log("Before : " + obj.polluted); applyPatches({}, [{ op: 'add', path: ["__proto__", "polluted"], value: "yes" }]); //...
0i0 (=1.0.10), @1productaweek/react-stately (>=0.1.1 <=0.1.7) +1069 more potentially affected by CVE-2020-28477 via immer (>=7.0.0 <=8.0.0)
immer NPM version =7.0.0, =0.1.1, =0.1.0, =0.0.3-alpha.52, =0.0.10, =0.0.1, =0.1.0, =0.1.1, =0.97.1-20210526212817, =0.1.0, =2.3.1, =1.0.59, =4.4.2, =4.5.9 and more Source cves: CVE-2020-28477 Source advisory: OSV:GHSA-9QMH-276G-X5PJ...