Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix prototype pollution in set()
  • Loading branch information
mariocasciaro committed Oct 10, 2020
1 parent 404223b commit 2be3354
Show file tree
Hide file tree
Showing 2 changed files with 765 additions and 719 deletions.
4 changes: 4 additions & 0 deletions index.js
Expand Up @@ -112,6 +112,10 @@
}
var currentPath = path[0];
var currentValue = getShallowProperty(obj, currentPath);
if (options.includeInheritedProps && (currentPath === '__proto__' ||
(currentPath === 'constructor' && typeof currentValue === 'function'))) {
throw new Error('For security reasons, object\'s magic properties cannot be set')
}
if (path.length === 1) {
if (currentValue === void 0 || !doNotReplace) {
obj[currentPath] = value;
Expand Down

1 comment on commit 2be3354

@guptshruti2003
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello how can I solve this in my folder ? it shows high vulnerability error

thanks

Please sign in to comment.