Prototype Pollution
Description
A type confusion in immer before 9.0.6 allows bypassing prototype pollution protections via array keys in path parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The immer library before version 9.0.6 contains a type confusion that bypasses the fix for CVE-2020-28477 [1][2]. While walking a patch path, the applyPatches_ function compares each intermediate key against the reserved names "__proto__" and "constructor" using strict equality (===) before using that key to read the next object. If a key is supplied as an array rather than a string, for example ['__proto__'], the comparison fails because an array is never strictly equal to a string, so the check is bypassed; the property access that follows converts the array to the string "__proto__" and returns Object.prototype, which the remaining path segments then write into [1][4]. The GitHub Security Advisory lists versions from 7.0.0 up to, but not including, 9.0.6 as affected (see the affected packages table below).
Exploitation
An attacker can supply a patch operation whose path contains array-encoded keys, such as {op: "add", path: [["__proto__"], "polluted"], value: "yes"} [4]. No special privileges are required; the attacker only needs to control patch input that the application passes to applyPatches, for example patches received from a client over the network. No user interaction is required beyond the application processing the malicious patch.
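To make the mechanics described in the Vulnerability and Exploitation sections concrete, the following is an added example (not immer's code and not taken from the advisory or the fix commit) that models the path walk of applyPatches with the pre-9.0.6 comparison beside the 9.0.6 string coercion. It goes one step beyond the payload in the fix-commit test by also array-wrapping a second reserved key, ["constructor"] followed by ["prototype"], to show that the bypass applies to every reserved name. The function names walkPath, applyAddPatch and runScenario, and the patch inputs, are constructed for the example.

```javascript
// Added example, not immer's own code: a minimal model of the path walk in
// applyPatches. coerce: false mirrors the pre-9.0.6 check (strict equality
// on the raw key); coerce: true mirrors the 9.0.6 fix (key converted to a
// string first). All function names here are hypothetical.

const RESERVED_MSG =
  "Patching reserved attributes like __proto__, prototype and constructor is not allowed";

// Walk every segment except the last and return the parent of the final key.
function walkPath(base, path, { coerce }) {
  let cur = base;
  for (let i = 0; i < path.length - 1; i++) {
    // Pre-fix: p may be an array such as ["__proto__"]; === against a string
    // never matches it. Post-fix: "" + p turns ["__proto__"] into "__proto__".
    const p = coerce ? "" + path[i] : path[i];
    const isObj = cur !== null && typeof cur === "object";
    if (isObj && (p === "__proto__" || p === "constructor")) throw new Error(RESERVED_MSG);
    if (typeof cur === "function" && p === "prototype") throw new Error(RESERVED_MSG);
    // Property access converts any key to a string, so ({})[["__proto__"]]
    // reads __proto__ and yields Object.prototype even when the check above
    // did not fire.
    cur = cur[p];
  }
  return cur;
}

// Apply a single "add" patch: set the last path segment on the walked parent.
function applyAddPatch(base, patch, opts) {
  const parent = walkPath(base, patch.path, opts);
  const key = "" + patch.path[patch.path.length - 1];
  parent[key] = patch.value;
  return base;
}

// Run one patch against a fresh object and report whether it threw and whether
// a brand-new object now inherits the injected property. Object.prototype is
// cleaned up afterwards so repeated runs start from the same state.
function runScenario(path, coerce) {
  const patch = { op: "add", path, value: "yes" }; // constructed input
  let threw = false;
  try {
    applyAddPatch({}, patch, { coerce });
  } catch (e) {
    threw = true;
  }
  const polluted = ({}).polluted;
  delete Object.prototype.polluted;
  return { threw, polluted };
}

// Pre-fix: array-wrapped reserved keys slip through; post-fix: they are rejected.
const arrayKeyPath = [["__proto__"], "polluted"];
const nestedPath = [["constructor"], ["prototype"], "polluted"];
const stringKeyPath = ["__proto__", "polluted"];
console.log("pre-fix, array key:", runScenario(arrayKeyPath, false));
console.log("post-fix, array key:", runScenario(arrayKeyPath, true));
console.log("pre-fix, constructor/prototype as arrays:", runScenario(nestedPath, false));
console.log("pre-fix, plain string key:", runScenario(stringKeyPath, false));
```

The plain string key is rejected even by the pre-fix model, which is the CVE-2020-28477 fix working as intended; only the array-encoded keys pass the equality test and still reach Object.prototype through the coercing property access.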
Impact
Successful exploitation leads to prototype pollution: the attacker injects properties into Object.prototype [2][3], which every object in the runtime then inherits. Depending on how the application reads the polluted properties, this can result in denial of service, property tampering, or potentially remote code execution [2].
Mitigation
The fix was released in immer version 9.0.6 [1][4]; upgrade to 9.0.6 or later. The fix commit [4] converts each path key to a string before the reserved-name comparison and adds a test that ensures array-encoded keys are also rejected. The advisory lists no workaround, so upgrading is the recommended mitigation; as defence in depth, an application that accepts patches from untrusted sources can also reject any path segment that is not a string or number before calling applyPatches.
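The advisory's remedy is to upgrade. As an added defence-in-depth example (application-side code, not part of immer or the advisory), the guard below validates a patch list received from an untrusted client before it reaches applyPatches: it rejects any path segment that is not a string or number, which is exactly the class of input this CVE abuses, and any segment naming a reserved property in any position. rejectUnsafePatches, applyUntrustedPatches and stubApplyPatches are hypothetical names; applyPatches is passed in as a parameter so the example runs without the immer package installed, and the JSON bodies are constructed inputs.

```javascript
// Added example, not immer's own code: a guard an application can run on
// patches received from an untrusted client before handing them to
// applyPatches. Function names are hypothetical; immer's own applyPatches is
// passed in by the caller so this file runs offline.

const RESERVED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const ALLOWED_OPS = new Set(["add", "replace", "remove"]);

// Returns null when every patch is acceptable, otherwise a reason string.
function rejectUnsafePatches(patches) {
  if (!Array.isArray(patches)) return "patches must be an array";
  for (const [n, patch] of patches.entries()) {
    if (patch === null || typeof patch !== "object") return `patch ${n}: not an object`;
    if (!ALLOWED_OPS.has(patch.op)) return `patch ${n}: unsupported op ${String(patch.op)}`;
    if (!Array.isArray(patch.path)) return `patch ${n}: path must be an array`;
    for (const [i, seg] of patch.path.entries()) {
      // Property access would coerce arrays and objects to strings (the
      // CVE-2021-23436 bypass), so accept only the two primitive key types.
      if (typeof seg !== "string" && typeof seg !== "number") {
        return `patch ${n}: path[${i}] must be a string or number`;
      }
      // Reject reserved names in every position, not only intermediate ones.
      if (RESERVED_KEYS.has(String(seg))) {
        return `patch ${n}: path[${i}] names a reserved property`;
      }
    }
  }
  return null;
}

// Parse a JSON body from the network, validate it, then apply it.
function applyUntrustedPatches(base, applyPatches, rawJson) {
  const patches = JSON.parse(rawJson);
  const reason = rejectUnsafePatches(patches);
  if (reason !== null) throw new Error("rejected patch: " + reason);
  return applyPatches(base, patches);
}

// Stand-in for immer's applyPatches so the example runs offline; a real
// deployment passes immer's own function here instead.
function stubApplyPatches(base, patches) {
  return { base, applied: patches.length };
}

// Constructed inputs: the CVE payload and a benign patch.
const maliciousBody = '[{"op":"add","path":[["__proto__"],"polluted"],"value":"yes"}]';
const benignBody = '[{"op":"replace","path":["users",0,"name"],"value":"alice"}]';

console.log("malicious:", rejectUnsafePatches(JSON.parse(maliciousBody)));
console.log("benign:", rejectUnsafePatches(JSON.parse(benignBody)));
```

Numeric segments are allowed because immer uses them for array indices; an empty path is also allowed because a replace at the root is a valid patch. The guard does not try to reproduce immer's own checks, it only narrows the input to the shapes the library was written to expect.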
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| immer (npm) | >= 7.0.0, < 9.0.6 | 9.0.6 |
Affected products
Patches
fa671e55ee9b fix(security): Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype
2 files changed · +19 −1
src/plugins/patches.ts+1 −1 modified@@ -207,7 +207,7 @@ export function enablePatches() { let base: any = draft for (let i = 0; i < path.length - 1; i++) { const parentType = getArchtype(base) - const p = path[i] + const p = "" + path[i] // See #738, avoid prototype pollution if ( (parentType === Archtype.Object || parentType === Archtype.Array) &&
__tests__/patch.js+18 −0 modified@@ -1258,6 +1258,24 @@ test("maps can store __proto__, prototype and constructor props", () => { expect(obj.polluted).toBe(undefined) }) +test("CVE-2020-28477 (https://snyk.io/vuln/SNYK-JS-IMMER-1019369) follow up", () => { + const obj = {} + + // @ts-ignore + expect(obj.polluted).toBe(undefined) + expect(() => { + applyPatches({}, [ + {op: "add", path: [["__proto__"], "polluted"], value: "yes"} + ]) + }).toThrow( + isProd + ? "24" + : "Patching reserved attributes like __proto__, prototype and constructor is not allowed" + ) + // @ts-ignore + expect(obj.polluted).toBe(undefined) +}) + test("#648 assigning object to itself should not change patches", () => { const input = { obj: {
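Review bot: the coercion on `+ const p = "" + path[i]` in src/plugins/patches.ts covers only the loop over intermediate segments (`for (let i = 0; i < path.length - 1; i++)`); the final segment is read after this loop and is not in the hunk, so confirm it receives the same string conversion before any reserved-name comparison that applies to it. Coercing silently also maps any object or array key to its string form (`["a", "b"]` becomes `"a,b"`), which hides malformed input; rejecting segments that are not strings or numbers with the same reserved-attribute error would fail loudly instead. The comment `// See #738, avoid prototype pollution` should also mention this follow-up so the reason for the string conversion is visible to the next reader.

Review bot: the new test in __tests__/patch.js exercises only `path: [["__proto__"], "polluted"]`; add cases for `[["constructor"], ["prototype"], "polluted"]` and for an array-wrapped `"prototype"` so each reserved name in the expected message is covered by an array-encoded key, since the same coercion is what protects all three. The two `// @ts-ignore` lines can be dropped by declaring `obj` with an index signature, and the Snyk URL in the test name is a link that may go stale; the CVE id alone identifies the case.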
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-33f9-j839-rf8h (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-23436 (NVD)
- github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237 (fix commit)
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579266 (Snyk, webjars)
- snyk.io/vuln/SNYK-JS-IMMER-1540542 (Snyk, npm)