Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Fix for Prototype Pollution #13

Closed
wants to merge 2 commits into from

Conversation

ready-research
Copy link

@ready-research ready-research commented Aug 31, 2021

@aheckmann Fix prototype pollution when path components are not strings

Reported in https://www.huntr.dev/bounties/74f8e882-c07d-4b49-aa5c-bada506a1ebc/

Fix prototype pollution when path components are not strings
…llution-fix

Security Fix for Prototype Pollution
@vkarpov15 vkarpov15 closed this in 89402d2 Sep 1, 2021
@vkarpov15
Copy link
Member

Thanks for the PR, we made an alternative fix that throws an error instead of converting the non-string element to a string. That's more correct behavior for this library. We'll ship a release now 👍

vkarpov15 added a commit to Automattic/mongoose that referenced this pull request Sep 1, 2021
@ready-research
Copy link
Author

@aheckmann Can you please confirm the same in huntr. So that we can disclose this issue in public. Thank you.

This was referenced Sep 1, 2021
This was referenced Sep 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants