-
-
Notifications
You must be signed in to change notification settings - Fork 852
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prototype Pollution vulnerability #738
Comments
mweststrate
added a commit
that referenced
this issue
Jan 20, 2021
Details: SNYK-JS-IMMER-1019369 / CVE-2020-28477 https://snyk.io/vuln/SNYK-JS-IMMER-1019369
mweststrate
added a commit
that referenced
this issue
Jan 20, 2021
mweststrate
added a commit
that referenced
this issue
Jan 20, 2021
mweststrate
added a commit
that referenced
this issue
Jan 20, 2021
Solved and released in 8.0.1 |
Were only |
Just patches, and only if you can't trust the source of the patches. E.g.
someone could construct / alter patches in his browser session, send them
to the server, and then they can potentially be used later to break another
client that receives those patches if they are passed along unvalidated.
…On Thu, Jan 21, 2021 at 4:38 AM Dima Tisnek ***@***.***> wrote:
Were only applyPatches affected, or regular, recommended use of immer
too, transitively affected?
(just wondering how urgent it is to push new version of depending software
into production)
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#738 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAN4NBBKYMLCFJ77S67DQ3LS26VUJANCNFSM4WJEPJAQ>
.
|
This was referenced Mar 7, 2021
This was referenced Mar 14, 2021
Closed
ericsuh
pushed a commit
to descriptinc/immer
that referenced
this issue
May 25, 2021
fix: Fixed security issue immerjs#738: prototype pollution possible when applying patches CVE-2020-28477 See: CVE-2020-28477 / SNYK-JS-IMMER-1019369 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28477 https://snyk.io/vuln/SNYK-JS-IMMER-1019369
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
🐛 Bug Report
A Prototype Pollution vulnerability has been raised by Snyk and it is affecting all versions of immer.
The vulnerability seems to be on the following line
Find more details here
Environment
All immer versions
The text was updated successfully, but these errors were encountered: