mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-29 09:33:33 -05:00
--- services/web/node_modules/mongoose/lib/document.js
+++ services/web/node_modules/mongoose/lib/document.js
@@ -739,6 +739,10 @@ function init(self, obj, doc, opts, prefix) {
function _init(index) {
i = keys[index];
+ // avoid prototype pollution
+ if (i === '__proto__' || i === 'constructor') {
+ return;
+ }
path = prefix + i;
schemaType = docSchema.path(path);
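Review bot: The new guard in `_init` compares only the current key `i`, so it covers nested sub-documents only if `init` is re-entered for each nested object and passes through this same check; that recursion is outside the hunk and should be confirmed. The patch also targets a file under `node_modules`, so it can stop applying when the dependency is reinstalled or upgraded and the context around line 739 shifts. A regression test would catch that: initialise a document from an object that carries a `__proto__` key and assert that a fresh `{}` has gained no new property. The comment could state what is protected, for example `// skip keys that resolve to Object.prototype or the constructor; copying them would alter shared prototypes`. The body of `_init` continues past the end of the hunk, so how a skipped key affects the rest of the function cannot be checked from here.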
|