Security Concern in node_modules repo

Issue: The function does not prevent copying properties like __proto__, constructor, and prototype.

What can go wrong? An attacker can modify the prototype of all objects, leading to security risks like privilege escalation or denial of service.

Where is the issue:
appinventor-sources/blob/master/appinventor/node_modules/object-assign/index.js
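
An added example, not part of the original post or of the object-assign package: a small probe that reports whether a copy function lets a `__proto__` key in parsed JSON reach the shared `Object.prototype`, or only the prototype of the copy's target. `safeAssign`, `naiveDeepMerge`, `probe` and the marker name are hypothetical; the recursive merge goes beyond the shallow copy discussed in the post and is included only as a contrast case.

```javascript
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Shallow copy that skips the three keys named in the post (hypothetical helper).
function safeAssign(target, ...sources) {
  for (const source of sources) {
    if (source == null) continue;
    for (const key of Object.keys(source)) {
      if (BLOCKED_KEYS.has(key)) continue;
      target[key] = source[key];
    }
  }
  return target;
}

// Naive recursive merge with no key filtering: contrast case for the probe.
function naiveDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      naiveDeepMerge(target[key], value); // target['__proto__'] is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs copyFn on constructed input and reports what it touched.
function probe(copyFn) {
  const marker = 'pollutionProbe_constructed';
  // JSON.parse creates "__proto__" as an own property, so copy loops see it.
  const input = JSON.parse(`{"__proto__": {"${marker}": true}, "name": "x"}`);
  const target = copyFn({}, input);
  const result = {
    // A fresh object sees the marker only if Object.prototype was modified.
    globalPolluted: ({})[marker] === true,
    // True when only the target's own prototype chain was swapped.
    targetPrototypeReplaced: Object.getPrototypeOf(target) !== Object.prototype,
  };
  delete Object.prototype[marker]; // clean up so later probes start fresh
  return result;
}

console.log('Object.assign ', probe(Object.assign));
console.log('safeAssign    ', probe(safeAssign));
console.log('naiveDeepMerge', probe(naiveDeepMerge));
```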

The node_modules content is only used for running unit tests in the CI environment, so this is a non-issue for us.


Awesome! I just wanted to ask you, am I heading in the right direction? Asking since I am new here! I am really invested in working on open source and identifying security issues.
