Lucene search
K

19 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-42318

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score
Exploits0References6Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-59879

Immutable.js List contains a 32-bit trie overflow in List.js setListBounds that, prior to versions 4.3.9 and 5.1.8, can mishandle an index or size in the 2^30–2^31 range, leading to an uncatchable infinite loop for empty Lists, unbounded allocation for populated Lists, or silent wrap of large set...

8.7CVSS6AI score
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System

Summary Multiple Vulnerabilities have been addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable v...

9.8CVSS6.2AI score0.01535EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 10:18 a.m.6 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes June 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structure...

9.8CVSS8AI score0.01735EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 11:29 a.m.7 views

Security Bulletin: Due to the use of WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is affected by a prototype pollution vulnerability due to immutable

Summary IBM Tivoli Application Dependency Discovery Manager bundles WebSphere Application Server Liberty, vulnerability has been remediated in an e-fix Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3,...

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 2:59 p.m.10 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-29063)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty i used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3,...

9.8CVSS5.7AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 10:57 a.m.22 views

Security Bulletin: IBM Operational Decision Manager for April 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS conditio...

9.8CVSS7.1AI score0.01177EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 2:3 p.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM Tivoli Netcool/OMNIbus_GUI

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool/OMNIbusGUI 8.1.0 Fix Pack 41. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible i...

9.8CVSS6.1AI score0.0644EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:25 p.m.10 views

Security Bulletin: A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL 8 and ealier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1....

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:34 p.m.5 views

Security Bulletin: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063.

Summary IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versio...

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/30 7:47 p.m.6 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-29063) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototyp...

9.8CVSS5.3AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:20 p.m.3 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution (CVE-2026-29063)

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in node.js module immutable CVE-2026-29063 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js...

9.8CVSS6.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 5:6 a.m.6 views

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.0.38 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in...

9.8CVSS7AI score0.01075EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.4 (7267351)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7267351 advisory. - Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in...

9.8CVSS7.3AI score0.00978EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 3:29 p.m.7 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Vulnerability Details...

9.8CVSS5.8AI score0.00978EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.3 views

CVE-2026-29063

A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific AP...

8.8CVSS6.2AI score0.00978EPSS
Exploits1References7
OSV
OSV
added 2026/03/06 6:25 p.m.4 views

CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

8.7CVSS5.7AI score0.00978EPSS
Exploits1References61
Debian CVE
Debian CVE
added 2026/03/06 6:25 p.m.6 views

CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

9.8CVSS8.2AI score0.00978EPSS
Exploits1
Rows per page
Query Builder