3 matches found
CVE-2021-23436
CVE-2021-23436 affects the immer package prior to 9.0.6. A prototype pollution/type confusion flaw can bypass CVE-2020-28477 when user-provided path keys are arrays, because the check for __proto__/constructor in applyPatches_ fails for ['__proto__'] (or ['constructor']). This may enable remote code ex...
CVE-2020-28477
CVE-2020-28477 affects the Node.js module immer and is described as a denial of service arising from a prototype pollution flaw. The core issue is tied to how patch application handles user-supplied path keys (including array-like keys), which in some disclosures can bypass part of the vulnerab...
CVE-2021-3757
CVE-2021-3757 refers to a prototype pollution flaw in the immer module used by Node.js. The vulnerability arises from improper modification of Object.prototype attributes via __proto__/constructor payloads, potentially enabling remote code execution, information disclosure, or denial of service. Doc...