
56 matches found

OSV
added 2021/01/20 9:27 p.m., 0 views

GHSA-9QMH-276G-X5PJ Prototype Pollution in immer

Overview Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit js const applyPatches, enablePatches = require"immer"; enablePatches; let obj = ; console.log"Before : " + obj.polluted; applyPatches, op: 'add', path: "proto", "polluted" , value: "yes" ; // applyPatches,...

7.5 CVSS | 7.1 AI score | 0.00287 EPSS
Exploits: 1 | References: 7
Veracode
added 2021/01/20 9:4 a.m., 27 views

Prototype Pollution

immer is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

7.5 CVSS | 4.1 AI score | 0.00287 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2021/01/20 8:55 a.m., 22 views

CVE-2020-28477

This affects all versions of package immer...

7.5 CVSS | 5.2 AI score | 0.00287 EPSS
Exploits: 1 | References: 4
NVD
added 2021/01/19 11:15 a.m., 18 views

CVE-2020-28477

This affects all versions of package immer...

7.5 CVSS | 6.3 AI score | 0.00287 EPSS
Exploits: 1 | References: 3
Prion
added 2021/01/19 11:15 a.m., 19 views

Design/Logic Flaw

This affects all versions of package immer...

5 CVSS | 8.4 AI score | 0.00287 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2021/01/19 10:20 a.m., 227 views

CVE-2020-28477

CVE-2020-28477 affects the Node.js module immer and is described as a denial of service arising from a prototype pollution flaw. The core issue is tied to how patch application handles player-supplied path keys (including array-like keys), which in some disclosures can bypass part of the vulnerab...

7.5 CVSS | 6.3 AI score | 0.00287 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2021/01/19 10:20 a.m., 18 views

CVE-2020-28477 Prototype Pollution

This affects all versions of package immer...

7.5 CVSS | 6.7 AI score | 0.00287 EPSS
Exploits: 1 | References: 3
CNNVD
added 2021/01/19 12:0 a.m., 2 views

Immer Security Breach

Immer is a Javascript-based state management library for the Immer community. A security vulnerability exists in all versions of Immer. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

7.5 CVSS | 7.2 AI score | 0.00287 EPSS
Exploits: 1 | References: 7
Snyk
added 2020/10/18 2:20 p.m., 4 views

Prototype Pollution

Overview immer is a package that allows you to create your next immutable state by mutating the current one. Affected versions of this package are vulnerable to Prototype Pollution. PoC const applyPatches, enablePatches = require"immer"; enablePatches; let obj = ; console.log"Before : " +...

7.5 CVSS | 8.4 AI score | 0.00287 EPSS
Exploits: 1 | References: 2
vulnersOsv
added 2020/10/18 2:20 p.m., 2 views

0i0 (=1.0.10), @1productaweek/react-stately (>=0.1.1 <=0.1.7) +1068 more potentially affected by CVE-2020-28477 via immer (>=7.0.0 <=8.0.0)

immer NPM version =7.0.0, =0.1.1, =0.1.0, =0.0.3-alpha.52, =0.0.10, =0.0.1, =0.1.0, =0.1.1, =0.97.1-20210526212817, =0.1.0, =2.3.1, =1.0.59, =4.4.2, =4.5.9 and more Source cves: CVE-2020-28477 Source advisory: SNYK:JS-IMMER-1019369...

7.5 CVSS | 7.1 AI score | 0.00287 EPSS
Exploits: 1
ossfuzz
added 2020/07/20 11:14 p.m., 21 views

immer:flex-vector-gc: Crash in immer::detail::rbts::node<int, immer::memory_policy<immer::heap_policy<immer::gc

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=5660697665732608 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: flex-vector-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7083eb04e907 Crash...

6.8 AI score
Exploits: 0 | Affected Software: 1
ossfuzz
added 2020/07/20 9:33 p.m., 17 views

immer:flex-vector-gc: Crash in decltype

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=6017886557306880 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: flex-vector-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00018055f9f9 Crash...

6.8 AI score
Exploits: 0 | Affected Software: 1
ossfuzz
added 2020/07/19 11:11 p.m., 19 views

immer:flex-vector-gc: Crash in immer::detail::rbts::relaxed_pos<immer::detail::rbts::node<int, immer::memory_po

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=4855756386729984 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: flex-vector-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000180453daf Crash...

6.8 AI score
Exploits: 0 | Affected Software: 1
ossfuzz
added 2020/07/16 11:12 p.m., 22 views

immer:set-gc: Crash in auto LLVMFuzzerTestOneInput::$_1::operator

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=5128215832821760 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: set-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x001cb02fb030 Crash State: aut...

6.8 AI score
Exploits: 0 | Affected Software: 1
ossfuzz
added 2020/07/15 11:53 p.m., 28 views

immer:flex-vector-gc: Segv on unknown address in immer::detail::rbts::relaxed_pos<immer::detail::rbts::node<int, immer::memory_po

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=4872518268354560 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: flex-vector-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...

6.8 AI score
Exploits: 0 | Affected Software: 1
Openbugbounty
added 2017/11/11 8:27 a.m., 16 views

immer-goed.be XSS vulnerability

Vulnerable URL: http://www.immer-goed.be/en/contact.php Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure Timeline: Description| Value ---|---...

6.3 AI score
Exploits: 0