If an object with __proto__ key is passed to clone() the key is converted to a prototype. This is only an issue if the system allows invalid content to make its way into the system internals where clone is used.
Unlike past prototype poisoning issues, this is considered low risk and hard to exploit. It is not an issue when clone() is used in hapi handlers and other methods since hapi ensures no such invalid object can pass into the application from user input.
The text was updated successfully, but these errors were encountered: