Security fix for Prototype Pollution

IonicaBizau · Dec 17, 2020 · 82ede5c · 82ede5c
1 parent 6a7767c
commit 82ede5c
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -13,6 +13,8 @@ var Deffy = require("deffy");
  * @return {Object|Array} The field value.
  */
 function SetOrGet(input, field, def) {
+    if (field == '__proto__' || field == 'constructor' || field == 'prototype')
+        throw new Error('Restricted setting magical attributes')
     return input[field] = Deffy(input[field], def);
 }