krypton-org / krypton-auth

Express authentication middleware, using GraphQL and JSON Web Tokens.
https://krypton-org.github.io/krypton-auth
MIT License

Merging Javascript objects can be dangerous #10

Closed jrebecchi closed 4 years ago

jrebecchi commented 4 years ago

When setting up the middleware config, check if the merge between user attributes and default config can lead to a prototype pollution: "recursively merging a user-controlled object into another object can allow an attacker to modify the built-in Object prototype." https://help.semmle.com/wiki/display/JS/Prototype+pollution

jrebecchi commented 4 years ago

Indeed, the merge was not safe. Corrected by PR 59.
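As an added illustration of the issue (this is not krypton-auth's code nor the change made in PR 59), the unsafe recursive merge the first comment describes is shown beside a hardened version that refuses to follow prototype-reaching keys. The option names in `DEFAULT_CONFIG` and the override payload are constructed for the example.

```javascript
// Property names a recursive merge must never follow or assign: writing through
// them reaches Object.prototype (or a constructor's prototype), not the target.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Unsafe pattern from the issue: recurses into whatever target[key] resolves to,
// so a "__proto__" key in the source descends into Object.prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: skips forbidden keys and only descends into properties the
// target itself owns, replacing inherited or non-object values with a fresh {}.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    if (isPlainObject(source[key])) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Constructed sample defaults (hypothetical option names, not krypton-auth's real ones)
// and a constructed user-supplied override whose JSON carries a "__proto__" key.
const DEFAULT_CONFIG = { graphqlPath: '/graphql', jwt: { algorithm: 'HS256', ttl: 900 } };
const USER_OVERRIDES = '{"graphqlPath":"/auth","jwt":{"ttl":60},"__proto__":{"polluted":true}}';

// Merge a fresh copy of the defaults with the overrides, report whether an unrelated
// empty object now inherits the injected property, then undo any pollution.
function runMerge(mergeFn) {
  const merged = mergeFn(JSON.parse(JSON.stringify(DEFAULT_CONFIG)), JSON.parse(USER_OVERRIDES));
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return { merged, leaked };
}
```

`runMerge(naiveMerge).leaked` is `true` while `runMerge(safeMerge).leaked` is `false`, which is the check a regression test for this class of bug should make.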