CVE-2026-29063

Sažetak

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.

Reference

https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3
https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8
https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5
https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-04-2026 - 21:32

Objavljeno

06-03-2026 - 19:16