mirror of
https://github.com/overleaf/overleaf.git
synced 2024-09-16 02:52:31 -04:00
59fe2fe463
* [CE/SP] Hotfixes 3.5.10 / 4.0.5 * [CE/SP] include PR13122 in 4.0.5 hotfixes --------- Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com> GitOrigin-RevId: 68d31f4a4573d2cad1ee564a62957ad2c858cbe7
12 lines
400 B
Diff
12 lines
400 B
Diff
--- services/web/node_modules/mongoose/lib/document.js
|
|
+++ services/web/node_modules/mongoose/lib/document.js
|
|
@@ -739,6 +739,10 @@ function init(self, obj, doc, opts, prefix) {
|
|
|
|
function _init(index) {
|
|
i = keys[index];
|
|
+ // avoid prototype pollution
|
|
+ if (i === '__proto__' || i === 'constructor') {
|
|
+ return;
|
|
+ }
|
|
path = prefix + i;
|
|
schemaType = docSchema.path(path);
|