Closed lucacasonato closed 8 months ago
This is not exploitable in practice unless a user maliciously crafts serialized values in `__FRSH_STATE`, because `serializer()` never outputs a serialized representation that would be vulnerable to prototype pollution. But hey, defense in depth.
Just commenting to link issues https://github.com/denoland/fresh/issues/2254