mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-29 13:03:23 +00:00
59fe2fe463
* [CE/SP] Hotfixes 3.5.10 / 4.0.5 * [CE/SP] include PR13122 in 4.0.5 hotfixes --------- Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com> GitOrigin-RevId: 68d31f4a4573d2cad1ee564a62957ad2c858cbe7
12 lines
375 B
Diff
12 lines
375 B
Diff
--- node_modules/mongoose/lib/document.js
|
|
+++ node_modules/mongoose/lib/document.js
|
|
@@ -689,6 +689,10 @@ function init(self, obj, doc, opts, prefix) {
|
|
|
|
function _init(index) {
|
|
i = keys[index];
|
|
+ // avoid prototype pollution
|
|
+ if (i === '__proto__' || i === 'constructor') {
|
|
+ return;
|
|
+ }
|
|
path = prefix + i;
|
|
schema = self.$__schema.path(path);
|