js · flat-to-nested · Critical
flat-to-nested convert() prototype pollution via __proto__ keys
The `convert()` function uses plain objects for temporary lookup tables, allowing prototype pollution via `__proto__` keys.
What changed
`convert()` keeps its temporary lookup tables (`temp` and `pendingChildOf`) in plain `{}` objects, which inherit from `Object.prototype`. A flat record that supplies `__proto__` as a key into one of those tables therefore resolves to `Object.prototype` instead of an ordinary entry, and whatever the conversion writes to that entry becomes visible on every object in the process: prototype pollution.
Who it affects
Any application that passes attacker-influenced flat records to `convert()`.
What to do today
Update to a patched version, or apply the suggested fix: create `temp` and `pendingChildOf` with `Object.create(null)` so the lookup tables have no prototype chain and `__proto__` is just an ordinary key.
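As an added illustration (not the flat-to-nested package's own code), the following minimal `convert()`-style routine builds its lookup tables two ways, with a plain `{}` and with `Object.create(null)`, and checks whether a constructed record naming `__proto__` as its parent leaves a property on `Object.prototype`. The attach logic is a simplified assumption of how such a conversion works, not the library's actual implementation.

```javascript
// Added example (not the flat-to-nested package's own code): a minimal
// convert()-style routine, parameterised on how its two lookup tables are
// created, so the vulnerable and the hardened behaviour can be compared.
function makeConvert(newTable) {
  return function convert(flat) {
    const temp = newTable();           // id -> node already seen
    const pendingChildOf = newTable(); // parent id -> nodes waiting for that parent
    let root = null;
    for (const record of flat) {
      const node = { id: record.id, parent: record.parent, children: [] };
      temp[node.id] = node;
      // Adopt children that were listed before their parent.
      if (pendingChildOf[node.id]) {
        node.children.push(...pendingChildOf[node.id]);
        delete pendingChildOf[node.id];
      }
      if (record.parent === undefined) { root = node; continue; }
      const parent = temp[record.parent];
      if (parent) {
        // With a plain-object table, temp["__proto__"] is Object.prototype,
        // so this line writes a "children" property onto every object.
        (parent.children = parent.children || []).push(node);
      } else {
        (pendingChildOf[record.parent] = pendingChildOf[record.parent] || []).push(node);
      }
    }
    return root;
  };
}

const convertUnsafe = makeConvert(() => ({}));              // tables inherit from Object.prototype
const convertSafe = makeConvert(() => Object.create(null)); // the advisory's fix: no prototype chain

// Constructed input: one record names "__proto__" as its parent.
const HOSTILE_RECORDS = [
  { id: "root" },
  { id: "x", parent: "__proto__" },
  { id: "a", parent: "root" },
];

// Runs convert on the hostile input and reports whether Object.prototype was
// polluted, then removes the stray property so later code is unaffected.
function runDemo(convert) {
  const tree = convert(HOSTILE_RECORDS);
  const polluted = ({}).children !== undefined; // a fresh object should have no "children"
  delete Object.prototype.children;
  return { tree, polluted };
}
```

`runDemo(convertUnsafe).polluted` is `true` while `runDemo(convertSafe).polluted` is `false`; with the null-prototype tables the hostile record simply stays in `pendingChildOf` under an ordinary `"__proto__"` key and never attaches anywhere.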