3 matches found
CVE-2026-59880
Immutable.js contains a HashCollision vulnerability in Map/Set keys prior to version 4.3.9 and 5.1.8: an adversary who controls inserted keys can craft many hash collisions in a HashCollisionNode, causing linear scans and CPU exhaustion during insertion and lookup. The issue is fixed in 4.3.9 and...
CVE-2026-59880 Immutable.js: Hash-collision algorithmic complexity denial of service in Immutable.Map/Set
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...
EUVD-2026-42315
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...