From 3facc834fc46951b83ed167e2f414ccf2d24da37 Mon Sep 17 00:00:00 2001
From: Asjid Kalam
Date: Fri, 11 Sep 2020 19:53:48 +0530
Subject: [PATCH] Fixed Prototype Pollution on deepMerge and deepSet
---
 lib/objectUtils.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/lib/objectUtils.js b/lib/objectUtils.js
index 4adf146..1695fab 100644
--- a/lib/objectUtils.js
+++ b/lib/objectUtils.js
@@ -122,6 +122,11 @@ function unflatten(object, separator) {
 module.exports.unflatten = unflatten;
 function deepSet(object, property, value) {
+
+ if (property.includes('__proto__') || property.includes('constructor') || property.includes('prototype')) {
+ return false;
+ }
+
 if(isUndefined(object) || object === null) {
 return false;
 }
@@ -150,6 +155,12 @@ function deepSet(object, property, value) {
 module.exports.deepSet = deepSet;
 function deepMerge(destination, source) {
+ var key = Object.keys(source);
+
+ if (key.includes('__proto__') || key.includes('constructor') || key.includes('prototype')) {
+ return false;
+ }
+
 if(isUndefined(destination)) {
 destination = {};
 }
@@ -362,4 +373,4 @@ module.exports.argsToArray = function(args, startingFrom){
 }
 return Array.prototype.slice.call(args, startingFrom);
-};
\ No newline at end of file
+};
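Review bot: The guard added at the top of deepSet calls `property.includes(...)` before the existing `isUndefined(object) || object === null` check, so a `property` that is neither a string nor an array now raises a TypeError instead of reaching the old `return false` path. If `property` is a dotted string, `includes` is also a substring test, so ordinary paths such as `user.prototypeId` or `meta.constructorName` are refused along with the dangerous ones. The check is tighter when applied to each whole path segment at the point where the function walks the path, for example `if (segment === '__proto__' || segment === 'constructor' || segment === 'prototype') return false;`. The rest of deepSet is outside the hunk, so how the path is split and which types `property` may take should be confirmed there.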
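Review bot: `Object.keys(source)` on the first added line of deepMerge throws a TypeError when `source` is `undefined` or `null`, and it runs before the existing `isUndefined(destination)` handling, so the guard itself can crash a call that carries no payload. It also inspects only the top-level keys of `source`; nested objects are covered only if the merge loop recurses through deepMerge itself, which is outside the hunk and should be checked. Returning `false` for the whole merge may surprise callers that expect the merged object back. Skipping the keys inside the copy loop, `if (k === '__proto__' || k === 'constructor' || k === 'prototype') continue;`, would apply at every level and keep the rest of the merge; the array is also better named `keys` than `key`.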