diff --git a/package-lock.json b/package-lock.json
index 2f81c08..6888279 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "underscore.deep",
- "version": "0.5.1",
+ "version": "0.5.3",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index 99de47c..13009d4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "underscore.deep",
- "version": "0.5.2",
+ "version": "0.5.3",
 "description": "Underscore mixins for deeply nested objects",
 "main": "underscore.deep.js",
 "engines": {
diff --git a/test/deepFromFlat.coffee b/test/deepFromFlat.coffee
index 2579672..a2cf37f 100644
--- a/test/deepFromFlat.coffee
+++ b/test/deepFromFlat.coffee
@@ -20,3 +20,13 @@ describe '_.deepFromFlat', ->
 _(tests).each (test) ->
 it "deepens #{JSON.stringify test.input}", ->
 assert.deepEqual _.deepFromFlat(test.input), test.output
+
+ it "does not merge special `Object` properties", ->
+ _.deepFromFlat({ "__proto__.polluted1": true })
+ _.deepFromFlat({ "constructor.prototype.polluted2": true })
+ p1 = {}.polluted1
+ p2 = {}.polluted2
+ assert.strictEqual(p1, undefined)
+ assert.strictEqual(p2, undefined)
+ delete Object.prototype.polluted1
+ delete Object.prototype.polluted2
diff --git a/underscore.deep.coffee b/underscore.deep.coffee
index cae9019..7114ea4 100644
--- a/underscore.deep.coffee
+++ b/underscore.deep.coffee
@@ -136,6 +136,7 @@ module.exports =
 key = parts.pop()
 while parts.length
 part = parts.shift()
+ continue if part in ["__proto__", "constructor", "prototype"]
 t = t[part] = t[part] or {}
 t[key] = o[k]
 oo
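Review bot: In test/deepFromFlat.coffee the two `delete Object.prototype.polluted…` lines run only after both `assert.strictEqual` calls, so a regression that fails an assertion leaves `Object.prototype` polluted for every later test in the run. Moving the cleanup into an `afterEach` hook (assuming a mocha-style runner, as `describe`/`it` suggest) keeps a failure isolated. The test also discards what `_.deepFromFlat` returns, so it does not pin what happens to the rejected key; asserting the returned object with `assert.deepEqual` would document whether the value is dropped or kept. A third case where the special name is the last path segment rather than an intermediate one is worth adding, because the guard in underscore.deep.coffee only inspects intermediate segments.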
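Review bot: In underscore.deep.coffee the new denylist check sits inside `while parts.length`, so it never sees the last path segment that `key = parts.pop()` removed beforehand; a flat key ending in `__proto__` still reaches `t[key] = o[k]` and, when the value is an object, replaces the prototype of the object being built. Skipping only the offending segment also re-homes the value one level up instead of dropping it (`"__proto__.x"` now yields a top-level `x` in the result), which can shadow a legitimate field. Checking every segment before the pop and skipping the whole key avoids both, e.g. `continue if parts.some (p) -> p in ["__proto__", "constructor", "prototype"]` placed ahead of `key = parts.pop()`; this assumes the enclosing per-key loop, which starts outside the hunk. Separately, `t[part] or {}` still resolves inherited members, so an own-property test or a result built on `Object.create(null)` would be more robust than a name denylist.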