diff --git a/__tests__/patch.js b/__tests__/patch.js
index 1885094a..8bacae14 100644
--- a/__tests__/patch.js
+++ b/__tests__/patch.js
@@ -1258,6 +1258,24 @@ test("maps can store __proto__, prototype and constructor props", () => {
 	expect(obj.polluted).toBe(undefined)
 })
 
+test("CVE-2020-28477 (https://snyk.io/vuln/SNYK-JS-IMMER-1019369) follow up", () => {
+	const obj = {}
+
+	// @ts-ignore
+	expect(obj.polluted).toBe(undefined)
+	expect(() => {
+		applyPatches({}, [
+			{op: "add", path: [["__proto__"], "polluted"], value: "yes"}
+		])
+	}).toThrow(
+		isProd
+			? "24"
+			: "Patching reserved attributes like __proto__, prototype and constructor is not allowed"
+	)
+	// @ts-ignore
+	expect(obj.polluted).toBe(undefined)
+})
+
 test("#648 assigning object to itself should not change patches", () => {
 	const input = {
 		obj: {
diff --git a/src/plugins/patches.ts b/src/plugins/patches.ts
index e0cdc091..c4a7b4ad 100644
--- a/src/plugins/patches.ts
+++ b/src/plugins/patches.ts
@@ -207,7 +207,7 @@ export function enablePatches() {
 			let base: any = draft
 			for (let i = 0; i < path.length - 1; i++) {
 				const parentType = getArchtype(base)
-				const p = path[i]
+				const p = "" + path[i]
 				// See #738, avoid prototype pollution
 				if (
 					(parentType === Archtype.Object || parentType === Archtype.Array) &&