Zurück zur CVE-Übersicht
CVE-2026-29063
CRITICAL(9.8)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score25/100 — MITTEL
- CVSS 9.8 — Kritisch
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.
Referenzen
- https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3
- https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8
- https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5
- https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-...
- https://access.redhat.com/errata/RHSA-2026:11070
- https://access.redhat.com/errata/RHSA-2026:11217
- https://access.redhat.com/errata/RHSA-2026:11414
- https://access.redhat.com/errata/RHSA-2026:11858
- https://access.redhat.com/errata/RHSA-2026:11916
- https://access.redhat.com/errata/RHSA-2026:12118