CVE-2021-3757 HIGH

CVE-2021-3757: Prototype Pollution in immerjs/immer

Vendor Immerjs
Product immerjs/immer
Weakness CWE-1321
Published September 2, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Key dates

02Disclosure timeline

September 2, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-68130 tRPC has possible prototype pollution in `experimental_nextAppDirCaller` CVE-2025-3982 nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution CVE-2025-66456 Elysia vulnerable to prototype pollution with multiple standalone schema validation CVE-2025-25015 Kibana arbitrary code execution via prototype pollution CVE-2026-30939 Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution