CVE-2026-59879 is a denial of service (DoS) vulnerability in Immutable.js, a JavaScript library for immutable data structures. The vulnerability affects versions prior to 4.3.9 and 5.1.8. Specifically, the List#set, List#setSize, List#setIn, List#updateIn, and functional set, setIn, and updateIn methods mishandle indices or sizes in the range 2 ** 30 to 2 ** 31 in the setListBounds function in src/List.js [truncated]
CVE-2026-59880 is a denial-of-service vulnerability in Immutable.js, a JavaScript library for immutable data structures. Versions before 4.3.9 and 5.1.8 are affected. The vulnerability arises from the way Immutable.Map and Immutable.Set handle keys with the same 32-bit hash in a HashCollisionNode. An attacker who controls keys inserted into a Map can craft colliding keys to degrade insertion and lookup op [truncated]