Inefficient Algorithmic Complexity in Immutable.js - #VU135794
Published: June 29, 2026
Immutable.js
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to inefficient algorithmic complexity in Immutable.Map and Immutable.Set collision bucket handling when processing attacker-controlled object keys. A remote attacker can supply many crafted colliding keys to cause a denial of service.
Applications are affected when untrusted input is used as keys in Immutable structures rather than only as values under fixed keys.
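The cost pattern described above, as an added example: a toy JavaScript model written for this page, not Immutable.js code and not taken from the advisory. Buckets are scanned linearly, so keys that land in the same bucket make inserts quadratic, while untrusted values written under a fixed key stay linear. BucketMap, spreadHash, collidingHash, insertCost and assertKeyBudget are hypothetical names, and the key-count cap is a generic bound assumed here, not a fix stated by the advisory.

```javascript
// Toy model constructed for this example; it is NOT Immutable.js source code.
// Each bucket is an array scanned linearly, so inserting a new key compares it
// against every key already stored in the same bucket.
class BucketMap {
  constructor(hashFn, bucketCount = 1024) {
    this.hashFn = hashFn;
    this.buckets = Array.from({ length: bucketCount }, () => []);
    this.comparisons = 0; // total key comparisons: the cost being measured
  }
  set(key, value) {
    const bucket = this.buckets[this.hashFn(key) % this.buckets.length];
    for (const entry of bucket) {
      this.comparisons++;
      if (entry[0] === key) { entry[1] = value; return; } // existing key: overwrite
    }
    bucket.push([key, value]); // new key: the bucket grows by one
  }
}

// Hypothetical hashes for the model. spreadHash (FNV-1a) distributes keys;
// collidingHash stands in for input whose keys all share one hash value.
const spreadHash = (key) => {
  let h = 0x811c9dc5;
  for (let i = 0; i < key.length; i++) h = Math.imul(h ^ key.charCodeAt(i), 0x01000193);
  return h >>> 0;
};
const collidingHash = () => 7;

// Perform n set() calls with keys produced by keyOf(i); return comparisons made.
function insertCost(hashFn, n, keyOf) {
  const map = new BucketMap(hashFn);
  for (let i = 0; i < n; i++) map.set(keyOf(i), i);
  return map.comparisons;
}

const untrustedKey = (i) => "k" + i; // affected pattern: input chooses the key
const fixedKey = () => "payload";    // unaffected pattern: input is only the value

// Generic pre-insert guard (an assumption, not a fix named by the advisory):
// rejecting oversized key sets caps the model's worst case at max*(max-1)/2.
function assertKeyBudget(obj, maxKeys) {
  const count = Object.keys(obj).length;
  if (count > maxKeys) throw new RangeError(`too many keys: ${count} > ${maxKeys}`);
  return count;
}
```

In this model, 1,000 colliding keys cost 499,500 comparisons and 2,000 cost 1,999,000, while 1,000 writes to one fixed key cost 999.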