From d8228eadb1ae82553594bbdda9c2319010bccc7d Mon Sep 17 00:00:00 2001
From: Alejandro Romero
Date: Sun, 18 Oct 2020 07:12:03 +0000
Subject: [PATCH] Fix Prototype Pollution
---
 src/util.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/util.ts b/src/util.ts
index e37fc65..e868a0b 100644
--- a/src/util.ts
+++ b/src/util.ts
@@ -172,6 +172,9 @@ export function setValueAtPath(target: unknown, val: unknown, path: PathSegments
 let p: number;
 while (++cursor < len) {
 step = path[cursor];
+ if (step === '__proto__' || step === 'constructor' || step === 'prototype') {
+ throw new Error('Prototype pollution attempt detected.');
+ }
 if (Array.isArray(it)) {
 if (step === '-' && cursor === end) {
 it.push(val);
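Review bot: The added guard compares `step` with `===`, so it only holds when every path segment is a primitive string at runtime. `PathSegments` is a compile-time type whose definition is not in this hunk, so if a path can be built from parsed untrusted input, a non-string segment that stringifies to one of the three names would pass the check and presumably still be coerced when used as a property key further down. Rejecting such segments before the name comparison closes that gap, e.g. `if (typeof step !== 'string' && typeof step !== 'number') throw new TypeError('Invalid path segment.');`. The commit changes only `src/util.ts`, so a regression test asserting that each blocked name throws, and that a normal path still sets the value, would be worth adding alongside it. `setValueAtPath` begins before and continues past this hunk, so how `step` is used as a key later in the loop should be confirmed against the full function.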