Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package immer, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2021-3757 — CVSS 9.8 (critical): immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23436 — CVSS 5.6 (medium): This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided…