From 82ede5cccb2e8d13e4f62599203a4389f6d8e936 Mon Sep 17 00:00:00 2001
From: Arjun Shibu
Date: Thu, 17 Dec 2020 22:52:45 +0530
Subject: [PATCH] Security fix for Prototype Pollution
---
 lib/index.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/index.js b/lib/index.js
index 3c04df8..f9c76f4 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -13,6 +13,8 @@ var Deffy = require("deffy");
 * @return {Object|Array} The field value.
 */
 function SetOrGet(input, field, def) {
+ if (field == '__proto__' || field == 'constructor' || field == 'prototype')
+ throw new Error('Restricted setting magical attributes')
 return input[field] = Deffy(input[field], def);
 }
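Review bot: The new guard in `SetOrGet` compares the raw `field` value with `==`, while `input[field]` on the following line converts it to a property key in a separate step, so the check and the access are not guaranteed to see the same key if `field` is an object whose string conversion is not stable. Resolving the key once, e.g. `var key = typeof field === 'symbol' ? field : String(field);`, and using `key` for both the comparison (with `===`) and the access would close that gap. The guard also adds a throw that the JSDoc block above does not mention (it starts outside this hunk); a line such as `@throws {Error} If field is __proto__, constructor or prototype.` would tell callers that pass untrusted keys to handle it. The diffstat shows only lib/index.js changed, so a regression test asserting that `Object.prototype` is unmodified after a rejected call would be worth adding.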