-
-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Resolve potential prototype polution exploit #217
fix: Resolve potential prototype polution exploit #217
Conversation
|
Thank you |
Hi Team,
|
Hello, What could be a security concern is how this new object will be handled, as you can technically create one with arbitrary properties that could be malicious. However this will be up to the applications/other-packages using this as a dependency to properly "sanitize" the query/string provided and object. |
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2022-37601
Resolves:
#212