CVE-2026-59879
Vulnerability Description
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js, causing an empty List to enter an uncatchable infinite loop, a populated List to allocate without bound until process abort, or setSize to silently wrap large values. This issue is fixed in versions 4.3.9 and 5.1.8.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-190
Source
NVD
Vendor
immutable-js
Product
immutable-js
External References
- https://github.com/immutable-js/immutable-js/commit/a1a1ee412dcaa380ab325196283d06594ffe4b84
- https://github.com/immutable-js/immutable-js/commit/f0bc997d8eb9886aff2236635aa210a95a04304a
- https://github.com/immutable-js/immutable-js/releases/tag/v4.3.9
- https://github.com/immutable-js/immutable-js/releases/tag/v5.1.8
- https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735
Discussion (0)
Add Comment
No comments yet. Be the first!