diff --git a/src/utils/ObjectUtil.js b/src/utils/ObjectUtil.js
index e082be4..14c553f 100644
--- a/src/utils/ObjectUtil.js
+++ b/src/utils/ObjectUtil.js
@@ -217,6 +217,9 @@ ObjectUtil = {
 var cursor = obj;
 for (var i = 0, j = keys.length; i < j; i++) {
 key = keys[i];
+ if (key === '__proto__') {
+ break;
+ }
 if (!TypeUtil.isObject(cursor[key])) {
 cursor[key] = {};
 }
diff --git a/test/test_object.js b/test/test_object.js
index 4bf50e1..3d4f0cf 100644
--- a/test/test_object.js
+++ b/test/test_object.js
@@ -304,6 +304,11 @@ describe('object', function() {
 f(o, 'e.f.g', 'ok 2');
 test.assertEqual(o['e']['f']['g'], 'ok 2');
 });
+ it('test prototype pollution', function() {
+ f(o, '__proto__.polluted', true);
+ test.assertUndefined(o['polluted']);
+ test.assertUndefined({}.polluted);
+ });
 });
 describe('length', function() {
 var f = obj.length;
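Review bot: The new guard in the key loop rejects only the literal `__proto__`, so a dotted path that goes through `constructor` and `prototype` may still reach a shared prototype, depending on how `TypeUtil.isObject` treats functions. Widening the check to `if (key === '__proto__' || key === 'constructor' || key === 'prototype') {` closes that route as well. The `break` also exits the loop silently, and the code after the loop is outside this hunk, so confirm that nothing is written to `cursor` there for a rejected path. A comment such as `// refuse keys that can reach Object.prototype (prototype pollution)` above the guard would explain it to the next maintainer.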
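Review bot: The new `it('test prototype pollution', ...)` case exercises only the `__proto__` path, so it would not catch a regression through other inherited keys. A second call such as `f(o, 'constructor.prototype.polluted', true);` followed by the same `test.assertUndefined({}.polluted);` would cover that. If either assertion fails, `Object.prototype.polluted` stays set for every later test in the run. Adding `delete Object.prototype.polluted;` in a cleanup step keeps one failure from cascading into unrelated cases.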