Commit

Merge pull request #270 from 418sec/1-npm-mout
Security Fix for Prototype Pollution - huntr.dev
roboshoes committed Jul 15, 2021
2 parents 2189378 + 397fa13 commit 3fecf13
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/object/set.js
Expand Up @@ -4,6 +4,10 @@ define(['./namespace'], function (namespace) {
* set "nested" object property
*/
function set(obj, prop, val){
// prototype pollution mitigation
if(prop.includes('__proto__') || prop.includes('prototype') || prop.includes('constructor')) {
return false;
}
var parts = (/^(.+)\.(.+)$/).exec(prop);
if (parts){
namespace(obj, parts[1])[parts[2]] = val;
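
Review bot: The added `if` on `prop.includes(...)` matches substrings anywhere in the path, so it also rejects legitimate keys such as `user.constructorName` or `item.prototypeId`, and it calls `prop.includes` before confirming `prop` is a string. A numeric `prop`, which the existing `(/^(.+)\.(.+)$/).exec(prop)` line would coerce to a string, now throws because numbers have no `includes` method. Suggest splitting `prop` on `.` and comparing each segment for equality against `__proto__`, `prototype` and `constructor`, after coercing or type-checking `prop`. The new `return false` is also undocumented in the doc comment above `set`, and it is the only signal a caller gets that the write was skipped. The commit touches only src/object/set.js, so a test covering the rejected paths and a few near-miss key names would be worth adding alongside it.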

2 comments on commit 3fecf13

@andrew-itscript

@roboshoes when do you plan to publish these changes to npm?

@roboshoes
Member Author


Sorry for the delay. Has been released under v1.2.3
