elastic · alexwizp · Dec 31, 2020 · Dec 15, 2020 · Dec 15, 2020 · Dec 15, 2020
diff --git a/src/core/server/http/index.ts b/src/core/server/http/index.ts
@@ -94,3 +94,4 @@ export {
 } from './cookie_session_storage';
 export * from './types';
 export { BasePath, IBasePath } from './base_path_service';
+export { validateObject } from './prototype_pollution';
diff --git a/src/core/server/index.ts b/src/core/server/index.ts
@@ -201,6 +201,7 @@ export {
   RouteConfigOptionsBody,
   RouteContentType,
   validBodyOutput,
+  validateObject,
   RouteValidatorConfig,
   RouteValidationSpec,
   RouteValidationFunction,

diff --git a/src/plugins/vis_type_timeseries/server/routes/vis.ts b/src/plugins/vis_type_timeseries/server/routes/vis.ts
@@ -24,6 +24,7 @@ import { visPayloadSchema } from '../../common/vis_schema';
 import { ROUTES } from '../../common/constants';
 import { ValidationTelemetryServiceSetup } from '../index';
 import { Framework } from '../plugin';
+import { validateObject } from '../../../../core/server';
 
 const escapeHatch = schema.object({}, { unknowns: 'allow' });
 
@@ -41,6 +42,7 @@ export const visDataRoutes = (
     },
     async (requestContext, request, response) => {
       try {
+        validateObject(request.body);
         visPayloadSchema.validate(request.body);
       } catch (error) {
         logFailedValidation();