Vulnerabilities > CVE-2021-23436 - Type Confusion vulnerability in Immer Project Immer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237
- https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579266
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579266
- https://snyk.io/vuln/SNYK-JS-IMMER-1540542
- https://snyk.io/vuln/SNYK-JS-IMMER-1540542