Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: prototype pollution in several npm packages #4337

Merged
merged 1 commit into from Jun 24, 2019
Merged

fix: prototype pollution in several npm packages #4337

merged 1 commit into from Jun 24, 2019

Conversation

@Kirill89
Copy link

@Kirill89 Kirill89 commented Jun 19, 2019

The PR is fixing a Prototype Pollution vulnerability in:

You can see details about similar vulnerability here: https://snyk.io/vuln/SNYK-JS-LODASH-73638

@@ -1001,7 +1001,7 @@ function baseMergeDeep(object, source, key, srcIndex, mergeFunc, customizer, sta
if (isArguments(objValue)) {
newValue = toPlainObject(objValue);
}
else if (!isObject(objValue) || (srcIndex && isFunction(objValue))) {
else if (!isObject(objValue) || isFunction(objValue)) {
Copy link
Author

@Kirill89 Kirill89 Jun 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@@ -1001,7 +1001,7 @@ function baseMergeDeep(object, source, key, srcIndex, mergeFunc, customizer, sta
if (isArguments(objValue)) {
newValue = toPlainObject(objValue);
}
else if (!isObject(objValue) || (srcIndex && isFunction(objValue))) {
else if (!isObject(objValue) || isFunction(objValue)) {
Copy link
Author

@Kirill89 Kirill89 Jun 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

* @returns {*} Returns the property value.
*/
function safeGet(object, key) {
if (key === 'constructor' && typeof object[key] === 'function') {
Copy link
Author

@Kirill89 Kirill89 Jun 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fix from the other PR: #4336

@@ -1146,8 +1166,8 @@ function baseMerge(object, source, srcIndex, customizer, stack) {
* counterparts.
*/
function baseMergeDeep(object, source, key, srcIndex, mergeFunc, customizer, stack) {
var objValue = object[key],
srcValue = source[key],
var objValue = safeGet(object, key),
Copy link
Author

@Kirill89 Kirill89 Jun 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jdalton jdalton added the bug label Jun 24, 2019
@jdalton
Copy link
Member

@jdalton jdalton commented Jun 24, 2019

Thank you @Kirill89!

@jdalton jdalton merged commit bb2e678 into lodash:npm-packages Jun 24, 2019
1 check passed
@lodash lodash locked and limited conversation to collaborators Jul 17, 2019
@lodash lodash deleted a comment from schmod Nov 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants