Merge pull request #252 from 418sec/1-npm-expr-eval
Security Fix for Prototype Pollution - huntr.dev
silentmatt authored Oct 11, 2021
2 parents a556e27 + 3679a4d commit 6e889e0
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/evaluate.js
Expand Up @@ -41,6 +41,9 @@ export default function evaluate(tokens, expr, values) {
nstack.push(f(resolveExpression(n1, values), resolveExpression(n2, values), resolveExpression(n3, values)));
}
} else if (type === IVAR) {
if (/^__proto__|prototype|constructor$/.test(item.value)) {
throw new Error('prototype access detected');
}
if (item.value in expr.functions) {
nstack.push(expr.functions[item.value]);
} else if (item.value in expr.unaryOps && expr.parser.isOperatorEnabled(item.value)) {
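Review bot: the guard added in this hunk, `/^__proto__|prototype|constructor$/`, binds its anchors to the outer alternatives only, so it is read as `^__proto__` OR `prototype` (anywhere) OR `constructor$`; a harmless identifier such as `prototypeCount` or `myconstructor` is rejected, while the intent is an exact match of the three names. `/^(__proto__|prototype|constructor)$/` expresses that, and a unit test listing the three rejected names alongside one accepted lookalike would pin the behaviour down. Worth raising in the same change: the `item.value in expr.functions` lookup on the following line still resolves inherited properties, so checking `Object.prototype.hasOwnProperty.call(expr.functions, item.value)` there would make the lookup itself safe rather than relying on the denylist alone.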

1 comment on commit 6e889e0

@ds-albans

@silentmatt - would appreciate if a release can be made available with this fix.
