Open chris-tuncap opened 1 year ago
Resolve prototype pollution vulnerability by only mapping fields that exist in the defaultOptions object from the user provided opts object.
Default:
defaultOptions = {
    useCleanCache: false,
    warnOnReplace: true,
    warnOnUnregistered: true
}
User provided:
opts = {
    other1: 2,
    other2: 5,
    warnOnUnregistered: false
}
Result:
effectiveOptions = {
    useCleanCache: false,
    warnOnReplace: true,
    warnOnUnregistered: false // <-- updated
}
CVE-2022-37614/Prototype pollution found in mockery.js
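The allow-list merge described in the PR, shown beside a copy-everything merge. This is an added example, not code from the PR or from mockery: the function names `mergeAllKeys` and `mergeKnownKeys` and the JSON input are constructed for illustration, and only `defaultOptions` and the first `opts` object come from the description.

```javascript
'use strict';

// Defaults as listed in the PR description.
const defaultOptions = {
  useCleanCache: false,
  warnOnReplace: true,
  warnOnUnregistered: true,
};

// Hypothetical "before" shape (an assumption, not mockery's source):
// every caller-supplied key is copied, including "__proto__".
function mergeAllKeys(defaults, opts) {
  const result = {};
  for (const key of Object.keys(defaults)) result[key] = defaults[key];
  for (const key of Object.keys(opts || {})) result[key] = opts[key];
  return result;
}

// Allow-list merge: iterate the keys of the defaults, never the keys of
// the caller's object, so unknown keys cannot reach the result.
function mergeKnownKeys(defaults, opts) {
  const result = {};
  for (const key of Object.keys(defaults)) {
    const supplied =
      opts != null && Object.prototype.hasOwnProperty.call(opts, key);
    result[key] = supplied ? opts[key] : defaults[key];
  }
  return result;
}

// `opts` from the PR description.
const fromPage = { other1: 2, other2: 5, warnOnUnregistered: false };
// Constructed input: JSON.parse makes "__proto__" an own, enumerable key.
const parsed = JSON.parse('{"__proto__": {"injected": true}, "warnOnReplace": false}');

function demo() {
  return {
    page: mergeKnownKeys(defaultOptions, fromPage),
    copied: mergeAllKeys(defaultOptions, parsed),
    filtered: mergeKnownKeys(defaultOptions, parsed),
  };
}

const { page, copied, filtered } = demo();
console.log(page, copied.injected, filtered.injected);
```

A useful regression check for a fix of this kind is that the merged object's prototype is still `Object.prototype` and that its own keys are exactly the keys of the defaults.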