marvinhagemeister
commented
8 months ago Just commenting to link issues https://github.com/denoland/fresh/issues/2254
Closed lucacasonato closed 8 months ago
marvinhagemeister
commented
8 months ago Just commenting to link issues https://github.com/denoland/fresh/issues/2254
This is not exploitable in practice unless a user maliciously crafts serialized values in __FRSH_STATE, because
serializer()never outputs serialized representation that would be vulnerable to prototype pollution. But hey, defense in depth.