From e1ecdbf79264f9ab488c7799f4c76996d5dca66d Mon Sep 17 00:00:00 2001
From: Alexander Early <alexander.early@gmail.com>
Date: Wed, 27 Oct 2021 20:12:46 -0700
Subject: [PATCH] Fix prototype pollution vulnerability

---
 lib/internal/iterator.js |  3 +++
 test/mapValues.js        | 11 +++++++++++
 2 files changed, 14 insertions(+)

diff --git a/lib/internal/iterator.js b/lib/internal/iterator.js
index d167ff9d1..02526e0fd 100644
--- a/lib/internal/iterator.js
+++ b/lib/internal/iterator.js
@@ -26,6 +26,9 @@ function createObjectIterator(obj) {
     var len = okeys.length;
     return function next() {
         var key = okeys[++i];
+        if (key === '__proto__') {
+            return next();
+        }
         return i < len ? {value: obj[key], key} : null;
     };
 }
diff --git a/test/mapValues.js b/test/mapValues.js
index 32643379c..6d089fb03 100644
--- a/test/mapValues.js
+++ b/test/mapValues.js
@@ -60,6 +60,17 @@ describe('mapValues', () => {
                 done();
             }, 50);
         });
+
+        it('prototype pollution', (done) => {
+            var input = JSON.parse('{"a": 1, "b": 2, "__proto__": { "exploit": true }}');
+
+            async.mapValues(input, (val, key, next) => {
+                next(null, val)
+            }, (err, result) => {
+                expect(result.exploit).to.equal(undefined)
+                done(err);
+            })
+        })
     });
 
     context('mapValues', () => {