PT-2021-3190 · Immer +1

Published: 2021-01-19 · Updated: 2021-09-01 · CVE-2020-28477

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerable software and affected versions: immer versions prior to 8.0.1
Description: The applyPatches function of the immer library resolves each segment of a patch path by plain property access and does not reject reserved segments. A patch whose path goes through `__proto__` (or `constructor` / `prototype`) therefore writes into Object.prototype instead of the target object, which is a prototype pollution. Any application that applies patches received from an untrusted source (for example, state patches sent by a client for synchronisation) lets a remote, unauthenticated attacker add or overwrite properties on every object in the process. The CVSS vector scores availability impact only; the real impact depends on which polluted properties the application later reads. No estimate of the number of affected installations is provided.
Recommendations: Update to immer 8.0.1 or later; that release makes applyPatches refuse paths that pass through `__proto__`, `constructor` or `prototype`. Until the update is deployed: do not pass patches from an untrusted source to applyPatches; validate incoming patches and drop any whose path contains one of those reserved segments; and do not call enablePatches() in code that does not need the patch feature, since applyPatches cannot be used until that plugin is enabled. Check transitive dependencies as well (immer is bundled by other packages, including webjars), e.g. with `npm ls immer` or `yarn why immer`.
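The following is an added example, not code from immer or from this advisory. It reproduces the vulnerable behaviour class on a plain object with a naive patch applier (the names `naiveApplyPatches`, `validatePatchPaths`, `safeApplyPatches` and `demonstrate` are this example's own), then shows the pre-apply path check a caller can run on untrusted patches before handing them to applyPatches, which is the same kind of check immer 8.0.1 performs internally. The malicious patch is constructed for the demonstration.

```javascript
'use strict';

// Path segments that must never be walked or written through when applying
// a patch: each resolves to a prototype object rather than to user data.
const RESERVED_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive applier modelled on the add/replace/remove semantics of immer-style
// patches. It resolves every segment with plain property access, so the path
// ['__proto__', 'polluted'] lands on Object.prototype. This reproduces the
// behaviour class the advisory describes on a plain object; it is a
// constructed example, not immer's implementation.
function naiveApplyPatches(base, patches) {
  for (const { op, path, value } of patches) {
    let target = base;
    for (let i = 0; i < path.length - 1; i++) {
      target = target[path[i]];
      if (typeof target !== 'object' || target === null) {
        throw new Error(`Cannot resolve patch path: ${path.join('/')}`);
      }
    }
    const key = path[path.length - 1];
    switch (op) {
      case 'add':
      case 'replace':
        target[key] = value;
        break;
      case 'remove':
        delete target[key];
        break;
      default:
        throw new Error(`Unsupported patch op: ${op}`);
    }
  }
  return base;
}

// Pre-apply check for untrusted patches: reject any path that contains a
// reserved segment. It is deliberately stricter than the minimum and also
// rejects a reserved segment in the last position, because writing that key
// would rewrite the target object's own prototype link.
function validatePatchPaths(patches) {
  for (const { path } of patches) {
    if (!Array.isArray(path)) {
      throw new Error('Patch path must be an array');
    }
    for (const segment of path) {
      if (RESERVED_SEGMENTS.has(String(segment))) {
        throw new Error(`Patching reserved attribute "${segment}" is not allowed`);
      }
    }
  }
  return patches;
}

// Hardened entry point: validate first, then apply.
function safeApplyPatches(base, patches) {
  return naiveApplyPatches(base, validatePatchPaths(patches));
}

// Constructed malicious patch, in the shape a client could send over the wire.
const MALICIOUS_PATCHES = [
  { op: 'add', path: ['__proto__', 'polluted'], value: true },
];

// Runs both appliers against the malicious patch and reports what each did.
// The process-wide pollution is undone before returning.
function demonstrate() {
  const before = ({}).polluted;              // undefined: nothing polluted yet
  naiveApplyPatches({}, MALICIOUS_PATCHES);
  const after = ({}).polluted;               // true: every object now has it
  delete Object.prototype.polluted;          // restore the process

  let rejected = false;
  try {
    safeApplyPatches({}, MALICIOUS_PATCHES);
  } catch (err) {
    rejected = /reserved attribute/.test(err.message);
  }
  return { before, after, rejected, cleanedUp: ({}).polluted === undefined };
}
```

Calling `demonstrate()` returns `{ before: undefined, after: true, rejected: true, cleanedUp: true }`: the naive walk pollutes Object.prototype for every object in the process, while the validated path rejects the patch before anything is written. A benign patch such as `{ op: 'replace', path: ['a', 'b'], value: 2 }` passes the check unchanged, so the validator can sit in front of applyPatches without affecting normal traffic.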

Exploit

Fix

Prototype Pollution


Weakness Enumeration

Related Identifiers

BDU:2021-02881
CVE-2020-28477
GHSA-9QMH-276G-X5PJ
RHSA-2021:1169
SNYK-JAVA-ORGWEBJARSNPM-1061986
SNYK-JS-IMMER-1019369
SUSE-SU-2021:0906-1

Affected Products

SUSE
Immer