Prevent prototype pollution of returned diff object #87
Codecov Report

Base: 100.00% // Head: 100.00% // No change to project coverage 👍

Additional details and impacted files

    @@            Coverage Diff            @@
    ##              main       #87   +/-   ##
    =========================================
      Coverage   100.00%   100.00%
    =========================================
      Files            7         7
      Lines          109       102    -7
      Branches        36        36
    =========================================
    - Hits           109       102    -7
 
Retr02332 left a comment
According to my tests, I can no longer contaminate the prototype:
 
 
 
Retr02332 commented Nov 12, 2022
 
 
 
Since the library was the one who executed the vulnerable action, it must be the one who validates the prototype. Therefore, if it is a security flaw.
Thank you very much for fixing this problem.
Fixes #85
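
An added example, not code from this pull request or from the library: it shows how a recursive diff that writes untrusted keys onto a plain `{}` returns an object with a replaced prototype when a key is `__proto__`, and how a null-prototype accumulator keeps that key as ordinary data. The names `diffWith`, `unsafeDiff` and `safeDiff` are hypothetical, the input is constructed, and `Object.create(null)` is one common mitigation assumed here rather than the confirmed change in this PR.

```javascript
// Added illustration; all names are hypothetical and the input is constructed.
const isObject = (v) => v !== null && typeof v === 'object';
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Minimal "added or changed" diff. `makeAcc` supplies the result object,
// so the same logic can run with a plain and a null-prototype accumulator.
function diffWith(makeAcc, lhs, rhs) {
  const out = makeAcc();
  for (const key of Object.keys(rhs)) {
    const r = rhs[key];
    if (!hasOwn(lhs, key)) {
      // On a plain {} the key "__proto__" reaches the inherited setter
      // and swaps the prototype of `out` instead of storing a property.
      out[key] = r;
    } else if (isObject(lhs[key]) && isObject(r)) {
      const nested = diffWith(makeAcc, lhs[key], r);
      if (Object.keys(nested).length > 0) out[key] = nested;
    } else if (lhs[key] !== r) {
      out[key] = r;
    }
  }
  return out;
}

// Plain-object accumulator: the behaviour to avoid.
const unsafeDiff = (l, r) => diffWith(() => ({}), l, r);
// Null-prototype accumulator: there is no __proto__ setter to trigger.
const safeDiff = (l, r) => diffWith(() => Object.create(null), l, r);

// Constructed input: JSON.parse creates an *own* "__proto__" property.
const untrusted = JSON.parse('{"__proto__":{"isAdmin":true},"name":"b"}');

// Summarise what a consumer of the returned diff would observe.
function inspect(diff) {
  return {
    inheritsIsAdmin: diff.isAdmin === true,
    protoIsOwnData: hasOwn(diff, '__proto__'),
    ownKeys: Object.keys(diff),
  };
}

console.log('plain {}      :', inspect(unsafeDiff({}, untrusted)));
console.log('null prototype:', inspect(safeDiff({}, untrusted)));
```

Objects returned by `safeDiff` have no inherited methods, so callers check keys with `Object.prototype.hasOwnProperty.call(diff, key)` or `Object.keys(diff)` rather than `diff.hasOwnProperty(key)`.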