CVE-2021-23436

Name
CVE-2021-23436
Description
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579266
MISC https://snyk.io/vuln/SNYK-JS-IMMER-1540542
MISC https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:* immer >= None < 9.0.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
immer edge-community 0.9.0-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
immer edge-community 0.8.1-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
immer 3.23-community 0.8.1-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
immer 3.22-community 0.8.1-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
immer 3.20-community 0.8.1-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable