Fix prototype pollution vulnerability

author: Alexander Early <alexander.early@gmail.com> 2021-10-27 20:12:46 -0700
committer: Alexander Early <alexander.early@gmail.com> 2021-10-27 20:14:00 -0700
commit: e1ecdbf79264f9ab488c7799f4c76996d5dca66d (patch)
tree: 5c62e361b941996809b5e849a4e3a93f1b1e9e60 /lib/internal
parent: fc9ba651341af5ab974aade6b1640e345912be83 (diff)
download: async-e1ecdbf79264f9ab488c7799f4c76996d5dca66d.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/internal/iterator.js b/lib/internal/iterator.js
index d167ff9..02526e0 100644
--- a/lib/internal/iterator.js
+++ b/lib/internal/iterator.js
@@ -26,6 +26,9 @@ function createObjectIterator(obj) {
     var len = okeys.length;
     return function next() {
         var key = okeys[++i];
+        if (key === '__proto__') {
+            return next();
+        }
         return i < len ? {value: obj[key], key} : null;
     };
 }
author	Alexander Early <alexander.early@gmail.com>	2021-10-27 20:12:46 -0700
committer	Alexander Early <alexander.early@gmail.com>	2021-10-27 20:14:00 -0700
commit	e1ecdbf79264f9ab488c7799f4c76996d5dca66d (patch)
tree	5c62e361b941996809b5e849a4e3a93f1b1e9e60 /lib/internal
parent	fc9ba651341af5ab974aade6b1640e345912be83 (diff)
download	async-e1ecdbf79264f9ab488c7799f4c76996d5dca66d.tar.gz