Fixed U.set() by adding check for Prototype pollution.
petersirka committed Dec 31, 2020
1 parent 1e1faeb commit b3f9015
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions utils.js
Expand Up @@ -6621,6 +6621,10 @@ exports.set = function(obj, path, value) {
var v = arr[arr.length - 1];
var ispush = v.lastIndexOf('[]') !== -1;
var a = builder.join(';') + ';var v=typeof(a)===\'function\'?a(U.get(b)):a;w' + (v[0] === '[' ? '' : '.') + (ispush ? v.replace(REGREPLACEARR, '.push(v)') : (v + '=v')) + ';return v';

if ((/__proto__|constructor|prototype/).test(a))
throw new Error('Prototype pollution');

var fn = new Function('w', 'a', 'b', a);
F.temporary.other[cachekey] = fn;
fn(obj, value, path);
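Review bot: The guard added before `new Function` is a substring denylist over the generated source `a`, so it blocks only these three names while the rest of `path` is still compiled as code; if `path` can come from untrusted input, the code-generation sink itself stays unvalidated. A stricter guard would check `path` against an allowlist before `builder` is assembled, for example `if (!(/^[\w$.\[\]]+$/).test(path)) throw new Error('Invalid path');`, keeping the denylist as a second check. The exact character set depends on the path syntax `U.set()` supports, which is not visible in this hunk. Because the regex is unanchored, it also rejects legitimate keys that merely contain one of the words, such as a property named `constructorId`. The body of `exports.set` starts and ends outside the hunk, so how `builder` and `cachekey` are derived is inferred.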