PT-2021-15523 · Immer · Immer
Published: 2021-09-01 · Updated: 2021-09-10 · CVE-2021-23436
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
immer versions prior to 9.0.6
Description
A type confusion issue can lead to a bypass when user-provided keys used in the path parameter are arrays. Specifically, the condition (p === "__proto__" || p === "constructor") in the applyPatches function returns false if p is an array containing __proto__ or constructor, because the === operator returns false when the operands have different types.
Recommendations
For versions prior to 9.0.6, update to version 9.0.6 or later to resolve the issue.
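The comparison from the description, as an added JavaScript illustration (not immer's code or its patch); the function names and sample path segments are constructed for this example. It shows that an array segment passes a strict-equality guard yet resolves to the same property key, next to a guard that normalises the segment before comparing.

```javascript
// Added illustration; all names here are hypothetical, not immer's API.
const FORBIDDEN = new Set(["__proto__", "constructor"]);

// Guard in the shape the description quotes: strict equality on the raw segment.
function weakGuardBlocks(p) {
  return p === "__proto__" || p === "constructor";
}

// Hardened guard: convert the segment to the string the engine will use
// as the property key, then compare against the forbidden names.
function strictGuardBlocks(p) {
  const key = typeof p === "string" || typeof p === "number" ? p : String(p);
  return FORBIDDEN.has(key);
}

// The key JavaScript actually uses for obj[p]. The probe has a null
// prototype, so writing to it cannot touch Object.prototype.
function effectiveKey(p) {
  const probe = Object.create(null);
  probe[p] = true;
  return Object.keys(probe)[0];
}

// Evaluate every segment of a patch path against both guards.
function auditPath(path) {
  return path.map((seg) => ({
    segment: JSON.stringify(seg),
    effectiveKey: effectiveKey(seg),
    weakGuardBlocks: weakGuardBlocks(seg),
    strictGuardBlocks: strictGuardBlocks(seg),
  }));
}

// Constructed sample segments: plain strings, single-element arrays, an index.
const samples = ["__proto__", ["__proto__"], ["constructor"], "profile", 0];
for (const row of auditPath(samples)) {
  console.log(row);
}
```

Any row where effectiveKey is a forbidden name but weakGuardBlocks is false marks a segment that the strict-equality check lets through.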
Type Confusion
Prototype Pollution
Related Identifiers
Affected Products
Immer