From bd1821223989e815bc7dac1217bc7859777ce0bf Mon Sep 17 00:00:00 2001
From: Asjid Kalam <asjid.kalam@gmail.com>
Date: Mon, 14 Dec 2020 21:04:27 +0530
Subject: [PATCH] fixed prototype pollution

---
 src/object/set.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/object/set.js b/src/object/set.js
index b8fa25a3..a38f332e 100644
--- a/src/object/set.js
+++ b/src/object/set.js
@@ -4,6 +4,10 @@ define(['./namespace'], function (namespace) {
      * set "nested" object property
      */
     function set(obj, prop, val){
+        // prototype pollution mitigation
+        if(prop.includes('__proto__') || prop.includes('prototype') || prop.includes('constructor')) {
+            return false;
+        }
         var parts = (/^(.+)\.(.+)$/).exec(prop);
         if (parts){
             namespace(obj, parts[1])[parts[2]] = val;