ethanent / phin

Node HTTP client
MIT License

phin: corrects a ddos vector using hasOwnProperty #51

Closed esatterwhite closed 4 years ago

esatterwhite commented 4 years ago

phin will unexpectedly throw if an options object is passed that doesn't inherit from Object ( Object.create(null) )

This replaces all occurrences of {}.hasOwnProperty with a wrapper function that calls the function from Object.prototype

Semver: patch
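An added example (not phin's own code) of the failure the PR describes and the wrapper pattern it proposes: a caller-supplied options object with no prototype makes a method-style `hasOwnProperty` call throw, while borrowing the function from `Object.prototype` keeps working. The helper names `hasOwn`, `readMethodUnsafe` and `readMethodSafe` are assumptions made up for this illustration.

```javascript
// Wrapper in the spirit of the PR: borrow hasOwnProperty from Object.prototype
// instead of trusting the options object to carry it. (Name is hypothetical.)
function hasOwn(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

// Pattern that breaks: if `opts` does not inherit from Object.prototype,
// opts.hasOwnProperty is undefined and calling it throws a TypeError.
function readMethodUnsafe(opts) {
  return opts.hasOwnProperty('method') ? opts.method : 'GET';
}

// Hardened version using the wrapper; works for any object shape.
function readMethodSafe(opts) {
  return hasOwn(opts, 'method') ? opts.method : 'GET';
}

// Runs one of the readers and returns either its result or the name of the
// error it threw, so the two code paths can be compared side by side.
function tryRead(fn, opts) {
  try {
    return fn(opts);
  } catch (e) {
    return e.name;
  }
}

// Constructed sample inputs.
const plainOpts = { method: 'POST' };            // ordinary object literal
const bareOpts = Object.create(null);            // no prototype at all
bareOpts.method = 'PUT';
const shadowedOpts = { method: 'HEAD', hasOwnProperty: 'not a function' }; // own key shadows the method

console.log(tryRead(readMethodUnsafe, bareOpts), tryRead(readMethodSafe, bareOpts));
```

The shadowed-key case goes slightly beyond the PR's null-prototype scenario: the same wrapper also protects against an options object whose own `hasOwnProperty` property is not a function.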

ethanent commented 4 years ago

Sorry, I may be missing something here, but how exactly is this a DDOS vulnerability?

Options passed to Phin are created by the Phin user, not by the servers it connects to. It seems that if an options object not inheriting from Object is passed in, it would be by a user, not a malicious actor. Is there a use case for passing in options which don't inherit from Object?

ethanent commented 4 years ago

I will close this until the purpose can be better understood. Thank you for the PR, however!