Security Advisories
Source: GitHub Security Advisories

[immutable] Immutable is vulnerable to Prototype Pollution

By GitHub
March 5, 2026
**Impact**

*What kind of vulnerability is it?*

A Prototype Pollution is possible in immutable via the `mergeDeep()`, `mergeDeepWith()`, `merge()`, `Map.toJS()`, and `Map.toObject()` APIs.

**Affected APIs**

| API | Notes |
| --- | --- |
| `mergeDeep(target, source)` | Iterates source keys via `ObjectSeq`, assigns `merged[key]` |
| `mergeDeepWith(merger, target, source)` | Same code path |
| `merge(target, source)` | Shallow variant, same assignment logic |
| `Map.toJS()` | `object[k] = v` in `toObject()` with no `__proto__` guard |
| `Map.toObject()` | Same `toObject()` implementation |
| `Map.mergeDeep(source)` | When source is converted to plain object |

**Patches**

*Has the problem been patched? What versions should users upgrade to?*

| major version | patched version |
| --- | --- |
| 3.x | 3.8.3 |
| 4.x | 4.3.7 |
| 5.x | 5.1.5 |

**Workarounds**

*Is there a way for users to fix or remediate the vulnerability without upgrading...*
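The `object[k] = v` assignment with no `__proto__` guard, listed for `toObject()` in the affected-APIs table, can be modelled in plain JavaScript. This is an added example, not immutable's source code and not the advisory's workaround. The function names and the sample payload are constructed, and the guard shown is a generic one that is not claimed to match the shipped patch.

```javascript
// Added illustration: models the `object[k] = v` pattern named in the table.
// It is not immutable's source code; all function names here are hypothetical.

// Constructed sample input standing in for untrusted JSON.
// JSON.parse stores "__proto__" as an ordinary own key, so it survives iteration.
const SAMPLE = '{"name":"alice","__proto__":{"isAdmin":true}}';

// Unguarded copy: assigning to the "__proto__" key invokes the inherited
// setter and replaces the new object's prototype instead of adding a key.
function toObjectUnguarded(source) {
  const object = {};
  for (const [k, v] of Object.entries(source)) {
    object[k] = v;
  }
  return object;
}

// Guarded copy: skip the "__proto__" key so the prototype is never touched.
function toObjectGuarded(source) {
  const object = {};
  for (const [k, v] of Object.entries(source)) {
    if (k === '__proto__') continue;
    object[k] = v;
  }
  return object;
}

// Input screening: list every path at which a "__proto__" key occurs, so a
// caller can reject the payload before it reaches a merge or conversion.
function findProtoKeys(value, path = '$') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const k of Object.keys(value)) {
    const here = `${path}.${k}`;
    if (k === '__proto__') hits.push(here);
    hits.push(...findProtoKeys(value[k], here));
  }
  return hits;
}

const parsed = JSON.parse(SAMPLE);
const bad = toObjectUnguarded(parsed);
const good = toObjectGuarded(parsed);
console.log(bad.isAdmin, Object.keys(bad));   // inherited flag, not an own key
console.log(good.isAdmin, Object.keys(good));
console.log(findProtoKeys(parsed));
```

The unguarded result reports `isAdmin` through its prototype even though `Object.keys()` does not list it, which is why own-key checks alone miss this condition.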
