Fixed potential vulnerability in U.set() method.
petersirka committed Feb 21, 2021
1 parent fcdf74c commit c812bbc
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions changes.txt
@@ -1,6 +1,7 @@
======= 3.4.9

- fixed measuring dimension for `.gif` images
- fixed potential remote code execution in `U.set()` founded by [Snyk](https://snyk.io/vuln)

======= 3.4.7

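Review bot: "founded by [Snyk]" should read "found by"; and this entry calls the issue "potential remote code execution" while the commit message says only "potential vulnerability" and the new error text in utils.js says 'Potential vulnerability', so the three descriptions should be aligned. If Snyk assigns an advisory entry for this report, link that entry rather than the generic https://snyk.io/vuln index so readers can locate it.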
4 changes: 2 additions & 2 deletions utils.js
@@ -6622,8 +6622,8 @@ exports.set = function(obj, path, value) {
var ispush = v.lastIndexOf('[]') !== -1;
var a = builder.join(';') + ';var v=typeof(a)===\'function\'?a(U.get(b)):a;w' + (v[0] === '[' ? '' : '.') + (ispush ? v.replace(REGREPLACEARR, '.push(v)') : (v + '=v')) + ';return v';

if ((/__proto__|constructor|prototype/).test(a))
throw new Error('Prototype pollution');
if ((/__proto__|constructor|prototype|eval/).test(a))
throw new Error('Potential vulnerability');

var fn = new Function('w', 'a', 'b', a);
F.temporary.other[cachekey] = fn;
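Review bot: adding `eval` to the check `if ((/__proto__|constructor|prototype|eval/).test(a))` still leaves a substring blocklist over the source of a function that is compiled two lines later with `new Function('w', 'a', 'b', a)`, and `a` is built by concatenating the caller-supplied path fragment `v` directly into that source. A blocklist over generated JavaScript cannot be made complete this way (for instance `Function` is not among the four words tested), so the safer change is to stop compiling the path into code: validate each path segment against an allow-list such as `/^[A-Za-z_$][\w$]*$/` (plus a numeric index for the `[n]` form) before it reaches the string builder, or walk the segments with ordinary property access instead of `new Function`. Note also that the unanchored `eval` alternative now rejects any path containing that substring, so a legitimate key such as `evaluation` will throw 'Potential vulnerability' from this line; `prototype` and `constructor` already had the same whole-word problem. If the denylist is kept for now, anchor it to whole identifiers, e.g. `/(^|[^\w$])(__proto__|constructor|prototype|eval)(?![\w$])/`, so ordinary key names are not refused. Finally, changing the message from 'Prototype pollution' to 'Potential vulnerability' will silently break any caller that matched on the old text, which is worth a line in changes.txt.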

0 comments on commit c812bbc