author | Alexander Early <alexander.early@gmail.com> | 2021-10-27 20:12:46 -0700 |
---|---|---|
committer | Alexander Early <alexander.early@gmail.com> | 2021-10-27 20:14:00 -0700 |
commit | e1ecdbf79264f9ab488c7799f4c76996d5dca66d (patch) | |
tree | 5c62e361b941996809b5e849a4e3a93f1b1e9e60 | |
parent | fc9ba651341af5ab974aade6b1640e345912be83 (diff) | |
download | async-e1ecdbf79264f9ab488c7799f4c76996d5dca66d.tar.gz |
Fix prototype pollution vulnerability
-rw-r--r-- | lib/internal/iterator.js | 3 | ||||
-rw-r--r-- | test/mapValues.js | 11 |
2 files changed, 14 insertions, 0 deletions
diff --git a/lib/internal/iterator.js b/lib/internal/iterator.js
index d167ff9..02526e0 100644
--- a/lib/internal/iterator.js
+++ b/lib/internal/iterator.js
@@ -26,6 +26,9 @@ function createObjectIterator(obj) {
 var len = okeys.length;
 return function next() {
 var key = okeys[++i];
+ if (key === '__proto__') {
+ return next();
+ }
 return i < len ? {value: obj[key], key} : null;
 };
 }
diff --git a/test/mapValues.js b/test/mapValues.js
index 3264337..6d089fb 100644
--- a/test/mapValues.js
+++ b/test/mapValues.js
@@ -60,6 +60,17 @@ describe('mapValues', () => {
 done();
 }, 50);
 });
+
+ it('prototype pollution', (done) => {
+ var input = JSON.parse('{"a": 1, "b": 2, "__proto__": { "exploit": true }}');
+
+ async.mapValues(input, (val, key, next) => {
+ next(null, val)
+ }, (err, result) => {
+ expect(result.exploit).to.equal(undefined)
+ done(err);
+ })
+ })
 });
 
 context('mapValues', () => { |
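Review bot: The new `if (key === '__proto__')` guard in `next()` carries no comment, and it silently drops an own `__proto__` key for every consumer of `createObjectIterator`, not only `mapValues`. The reason for the skip cannot be read from this file: presumably a caller copies results with something like `result[key] = value`, where a `__proto__` key would replace the result object's prototype rather than create a property, but that assignment is outside the hunk. I would add `// Skip an own "__proto__" key (e.g. from JSON.parse); assigning it onto a result object would set that object's prototype.` above the check. It may also be worth guarding the assignment site itself, so the protection does not depend on every iteration path going through this function. `createObjectIterator` begins above the hunk, so whether the other iterators in this file feed the same assignment is not visible here.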
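Review bot: The added `prototype pollution` test asserts only that `result.exploit` is `undefined`, so it would still pass if the guard also dropped the legitimate keys. It also dereferences `result` before `err` is looked at. In the final callback I would start with `if (err) return done(err);`, then add `expect(result).to.eql({a: 1, b: 2});` and `expect(Object.getPrototypeOf(result)).to.equal(Object.prototype);`, so the test pins both the surviving keys and the untouched prototype. As a style point, the new lines `next(null, val)`, `expect(...)` and the closing `})` omit the semicolons that the surrounding context lines (`done();`, `}, 50);`) use.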