From 2bec9986b37981261ea51b02782092e2ca94bb2a Mon Sep 17 00:00:00 2001
From: Mojtaba Samimi
Date: Fri, 11 Aug 2023 10:31:35 -0400
Subject: [PATCH] guard against polluting __proto__ in nestedProperty

---
 src/lib/nested_property.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/lib/nested_property.js b/src/lib/nested_property.js
index f54c2951abe..a057e732bee 100644
--- a/src/lib/nested_property.js
+++ b/src/lib/nested_property.js
@@ -24,13 +24,20 @@ module.exports = function nestedProperty(container, propStr) {
 throw 'bad property string';
 }
 
- var j = 0;
 var propParts = propStr.split('.');
 var indexed;
 var indices;
- var i;
+ var i, j;
+
+ for(j = 0; j < propParts.length; j++) {
+ // guard against polluting __proto__ and other internals
+ if(String(propParts[j]).slice(0, 2) === '__') {
+ throw 'bad property string';
+ }
+ }
 
 // check for parts of the nesting hierarchy that are numbers (ie array elements)
+ j = 0;
 while(j < propParts.length) {
 // look for non-bracket chars, then any number of [##] blocks
 indexed = String(propParts[j]).match(/^([^\[\]]*)((\[\-?[0-9]*\])+)$/);
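Review bot: The guard added in the new `for` loop is a denylist keyed only on the `__` prefix, so path segments named `constructor` or `prototype` still pass it, and those are the other standard route from a plain object to `Object.prototype`. Whether the setter would actually follow such a path cannot be seen here, because the body of `nestedProperty` continues outside the hunk, but rejecting them at the same point is cheap: `var part = String(propParts[j]);` followed by `if(part.slice(0, 2) === '__' || part === 'constructor' || part === 'prototype') {`. A regression test asserting that `({}).polluted` stays `undefined` after each rejected path would pin the behaviour. The comment could also state that every key beginning with `__` is now refused, legitimate ones included, so callers know the restriction is deliberate.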