0.002 Low
EPSS
Percentile
54.3%
immer is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype.
__proto__
constructor
prototype
github.com/immerjs/immer/blob/master/src/plugins/patches.ts%23L213
github.com/immerjs/immer/commit/da2bd4fa0edc9335543089fe7d290d6a346c40c5