restify / node-restify

The future of Node.js REST development
http://restify.com
MIT License

CVE-2022-37624/ Prototype pollution in jsonBodyParser.js #1927

Closed secdevlpr26 closed 1 year ago

secdevlpr26 commented 1 year ago

Prototype pollution vulnerability in function jsonBodyParser in jsonBodyParser.js in restify node-restify 9.0.0-rc.1 via the k variable in jsonBodyParser.js.

The prototype pollution vulnerability can be mitigated with several best practices described here: https://learn.snyk.io/lessons/prototype-pollution/javascript/
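A hardened version of the key-mapping step the report points at (copying parsed JSON body keys into a params object while refusing prototype-polluting keys), added here as an illustration and not restify's own code; `mapBodyToParams`, `POLLUTING_KEYS`, `demo` and the sample body are assumptions for the example:

```javascript
// Added example (not restify code): defensive key mapping for a parsed JSON body.
// Keys that can reach Object.prototype through a plain object are rejected,
// and only own (not inherited) properties are copied.
const POLLUTING_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Copy own keys of `body` into `params` (a plain object), skipping dangerous
// keys. Returns the skipped keys so the caller can log or reject the request.
// Existing params win unless `override` is true.
function mapBodyToParams(body, params, override = false) {
  const skipped = [];
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return skipped;
  }
  // Object.keys returns own enumerable keys only; JSON.parse makes "__proto__"
  // an own key, so it still shows up here and must be filtered explicitly.
  for (const k of Object.keys(body)) {
    if (POLLUTING_KEYS.has(k)) {
      skipped.push(k);
      continue;
    }
    if (Object.prototype.hasOwnProperty.call(params, k) && !override) {
      continue;
    }
    // Define a data property instead of assigning through `[]=`, so no
    // accessor on the prototype chain (such as __proto__) is triggered.
    Object.defineProperty(params, k, {
      value: body[k], writable: true, enumerable: true, configurable: true,
    });
  }
  return skipped;
}

// Constructed sample input: a body carrying polluting keys next to ordinary fields.
function demo() {
  const body = JSON.parse(
    '{"name":"alice","__proto__":{"isAdmin":true},"constructor":{"prototype":{"x":1}}}'
  );
  const params = { id: '42' };
  const skipped = mapBodyToParams(body, params);
  // `polluted` checks whether a fresh object picked up the injected property.
  return { params, skipped, polluted: ({}).isAdmin === true };
}
```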

mmarchini commented 1 year ago

Please don't report security issues on the public GitHub; email security@restify.com with steps on how the vulnerability can be exploited. Or, if you want to open a PR to make that code more robust regardless of whether it's exploitable or not, feel free to do so as well.