Merge pull request #8 from 418sec/1-npm-arr-flatten-unflatten

Quernest · web-flow · commit cb4351c75f87 · 2021-01-25T22:45:17.000+02:00
Security Fix for Prototype Pollution - huntr.dev
diff --git a/unflatten.js b/unflatten.js
@@ -10,6 +10,8 @@ function unflatten(obj = {}) {
     let m = {};
 
     while ((m = regex.exec(p))) {
+      if (curr[prop] === constructor.prototype)
+        curr[prop] = {}
       curr = curr[prop] || (curr[prop] = m[2] ? [] : {});
       prop = m[2] || m[1];
     }

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,8 @@ function unflatten(obj = {}) {`
`10`	`10`	`let m = {};`
`11`	`11`
`12`	`12`	`while ((m = regex.exec(p))) {`
	`13`	`+ if (curr[prop] === constructor.prototype)`
	`14`	`+ curr[prop] = {}`
`13`	`15`	`curr = curr[prop] \|\| (curr[prop] = m[2] ? [] : {});`
`14`	`16`	`prop = m[2] \|\| m[1];`
`15`	`17`	`}`