GitHub Advisory Database / CVE-2020-28477
⛔ high severity
Affected versions of immer are vulnerable to Prototype Pollution.
```js
const {applyPatches, enablePatches} = require("immer");
enablePatches();
let obj = {};
console.log("Before : " + obj.polluted);
applyPatches({}, [ { op: 'add', path: [ "__proto__", "polluted" ], value: "yes" } ]);
// applyPatches({}, [ { op: 'replace', path: [ "__proto__", "polluted" ], value: "yes" } ]);
console.log("After : " + obj.polluted);
```
Version 8.0.1 contains a fix for this vulnerability, updating is recommended.
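For code that accepts patches from an untrusted source, a pre-check on the patch paths can sit in front of `applyPatches` as defence in depth alongside the upgrade. The following is an added example, not part of the original issue and not immer's own fix; `FORBIDDEN_KEYS`, `findUnsafePatches` and `guardedApply` are hypothetical names, and the apply function is passed in so the block runs without immer installed.

```javascript
// Added example (hypothetical names): screen immer-style patches before use.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
// Returns one finding per patch whose path is malformed or names a
// prototype-related key. State keyed literally "constructor" is rejected too.
function findUnsafePatches(patches) {
  if (!Array.isArray(patches)) {
    return [{ index: -1, reason: "patches is not an array" }];
  }
  const findings = [];
  patches.forEach((patch, index) => {
    const path = patch && patch.path;
    if (!Array.isArray(path)) {
      findings.push({ index, reason: "path is not an array" });
      return;
    }
    for (const segment of path) {
      // A segment such as ["__proto__"] coerces to "__proto__" when used as
      // a property key, so only plain strings and numbers are accepted.
      if (typeof segment !== "string" && typeof segment !== "number") {
        findings.push({ index, reason: "non-primitive path segment" });
        return;
      }
      if (FORBIDDEN_KEYS.has(String(segment))) {
        findings.push({ index, reason: "forbidden key: " + segment });
        return;
      }
    }
  });
  return findings;
}

// applyFn: any function with an applyPatches-style (base, patches) signature;
// it is called only when every patch passed the screen.
function guardedApply(applyFn, base, patches) {
  const findings = findUnsafePatches(patches);
  if (findings.length > 0) {
    const err = new Error("rejected " + findings.length + " unsafe patch(es)");
    err.findings = findings;
    throw err;
  }
  return applyFn(base, patches);
}

// Constructed sample input: benign patch, the reported patch, array-segment variant.
const samplePatches = [
  { op: "replace", path: ["user", "name"], value: "alice" },
  { op: "add", path: ["__proto__", "polluted"], value: "yes" },
  { op: "add", path: [["__proto__"], "polluted"], value: "yes" },
];
```

With immer installed, `guardedApply(applyPatches, state, incomingPatches)` throws before the library is reached if any path is flagged.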
Updating the Immer package past 8.0.1 is advised for security -- it looks like this can be accomplished by updating the easy-peasy dependency.
Hey! Since v9 we no longer use easy-peasy (and immer) anymore.
Riiiight, I just saw that -- 'tis me who needs to update!