📂 Vulnerable Library - draft-js-focus-plugin-2.2.0.tgz
Focus Plugin for DraftJS
Path to dependency file: /package.json
Findings
| Finding |
Severity |
🎯 CVSS |
Exploit Maturity |
EPSS |
Library |
Type |
Fixed in |
Remediation Available |
Reachability |
| CVE-2026-29063 |
🔴 High |
7.5 |
Not Defined |
< 1% |
immutable-3.7.4.tgz |
Transitive |
N/A |
❌ |
 Unreachable |
Details
🔴CVE-2026-29063
Vulnerable Library - immutable-3.7.4.tgz
Immutable Data Collections
Library home page: https://registry.npmjs.org/immutable/-/immutable-3.7.4.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
-
draft-js-0.10.4.tgz (Root Library)
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
draft-js-prism-plugin-0.1.3.tgz (Root Library)
- draft-js-prism-1.0.6.tgz
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
draft-js-code-editor-plugin-0.2.1.tgz (Root Library)
- draft-js-0.10.4.tgz
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
draft-js-plugins-editor-2.1.1.tgz (Root Library)
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
draft-js-markdown-plugin-3.0.5.tgz (Root Library)
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
draft-js-drag-n-drop-plugin-2.0.3.tgz (Root Library)
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
slate-0.20.7.tgz (Root Library)
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
draft-js-focus-plugin-2.2.0.tgz (Root Library)
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
-
draft-js-image-plugin-2.0.6.tgz (Root Library)
- ❌ immutable-3.7.4.tgz (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.
Publish Date: Mar 06, 2026 06:25 PM
URL: CVE-2026-29063
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 7.5
Suggested Fix
Type: Upgrade version
Origin: GHSA-wf6x-7x77-mvgw
Release Date: Mar 06, 2026 06:25 PM
Fix Resolution : https://github.com/immutable-js/immutable-js.git - v3.8.3,https://github.com/immutable-js/immutable-js.git - v4.3.7,https://github.com/immutable-js/immutable-js.git - v5.1.5
📂 Vulnerable Library - draft-js-focus-plugin-2.2.0.tgz
Focus Plugin for DraftJS
Path to dependency file: /package.json
Findings
Details
🔴CVE-2026-29063
Vulnerable Library - immutable-3.7.4.tgz
Immutable Data Collections
Library home page: https://registry.npmjs.org/immutable/-/immutable-3.7.4.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
draft-js-0.10.4.tgz (Root Library)
draft-js-prism-plugin-0.1.3.tgz (Root Library)
draft-js-code-editor-plugin-0.2.1.tgz (Root Library)
draft-js-plugins-editor-2.1.1.tgz (Root Library)
draft-js-markdown-plugin-3.0.5.tgz (Root Library)
draft-js-drag-n-drop-plugin-2.0.3.tgz (Root Library)
slate-0.20.7.tgz (Root Library)
draft-js-focus-plugin-2.2.0.tgz (Root Library)
draft-js-image-plugin-2.0.6.tgz (Root Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.
Publish Date: Mar 06, 2026 06:25 PM
URL: CVE-2026-29063
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 7.5
Suggested Fix
Type: Upgrade version
Origin: GHSA-wf6x-7x77-mvgw
Release Date: Mar 06, 2026 06:25 PM
Fix Resolution : https://github.com/immutable-js/immutable-js.git - v3.8.3,https://github.com/immutable-js/immutable-js.git - v4.3.7,https://github.com/immutable-js/immutable-js.git - v5.1.5