Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type.
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579266
- https://snyk.io/vuln/SNYK-JS-IMMER-1540542
- https://github.com/1345122890/1345122890
- https://github.com/1345122890/mmcloud
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Amichaii/EVERWallet
- https://github.com/Andreablog/OpenEV
- https://github.com/DanielBanasiuk/Kuliah
- https://github.com/DanilPetelin/FlutterLNotificationsp
- https://github.com/DenverCat/Yogi
- https://github.com/JuliaLiootti/PS4G
- https://github.com/MexicoBen/nInstalls
- https://github.com/NatalieYeah/robmikh
- https://github.com/Sydneypom/CModules
- https://github.com/VanconVincius/Tomasz-Mankowski
- https://github.com/WiliamBroown/Volunteer
- https://github.com/broxus/ever-wallet-browser-extension
- https://github.com/broxus/ever-wallet-browser-extension-old
- https://github.com/dellalibera/dellalibera
- https://github.com/grafana/plugin-validator
- https://github.com/khulnasoft/plugin-validator
- https://github.com/lSGerald/sentinel-officialc
- https://github.com/vitaliydrebotiz/vitaliydrebotiz