As shown here, `JSON.parse()` has an exploit possibility: https://github.com/hapijs/bourne
Either use bourne or port its proto-inspection regex into our `jsonx` util.
This security issue isn't exploitable by default. It requires malicious user input to be parsed and then assigned via `Object.assign()` for the payload to become activated. This isn't a super common workflow, but this proposed fix would make the risk moot.
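Added example (not code from this issue, from bourne, or from the `jsonx` util): a `safeParse` wrapper in the spirit of bourne's proto inspection, with a regex pre-check on the raw text and a reviver that drops or rejects `__proto__` keys, plus a `mergeUserInput` helper (assumed name) showing the `JSON.parse()` + `Object.assign()` workflow the comment above describes.

```javascript
// Pre-check: does the raw text contain a "__proto__" key, written plainly or
// with \u-escaped characters (e.g. "\u005f\u005fproto__")? JSON hex escapes
// are case-insensitive, so both 005f and 005F are accepted.
const PROTO_KEY =
  /"(?:_|\\u005[fF]){2}(?:p|\\u0070)(?:r|\\u0072)(?:o|\\u006[fF])(?:t|\\u0074)(?:o|\\u006[fF])(?:_|\\u005[fF]){2}"\s*:/;

// Parse untrusted JSON; "remove" (default) strips __proto__ keys at any depth,
// "error" rejects the document instead.
function safeParse(text, { action = 'remove' } = {}) {
  // Fast path: no suspicious key in the text, plain JSON.parse is fine.
  if (!PROTO_KEY.test(text)) return JSON.parse(text);
  // Slow path: the reviver sees the decoded key, so escapes cannot hide it.
  return JSON.parse(text, function reviver(key, value) {
    if (key !== '__proto__') return value;
    if (action === 'error') {
      throw new SyntaxError('JSON document contains a forbidden __proto__ key');
    }
    return undefined; // returning undefined makes JSON.parse delete the key
  });
}

// The workflow from the comment above: parse user input, then merge it into a
// fresh object. Object.assign() uses [[Set]], so an own "__proto__" property
// produced by JSON.parse triggers the Object.prototype.__proto__ setter and
// swaps the target's prototype for attacker-controlled data.
function mergeUserInput(text, parse = JSON.parse) {
  return Object.assign({}, parse(text));
}

// Constructed sample input (not taken from the issue).
const PAYLOAD = '{"name":"alice","__proto__":{"isAdmin":true}}';
const ESCAPED_PAYLOAD = '{"\\u005f\\u005fproto__":{"isAdmin":true}}';

// Usage: the plain parse path inherits isAdmin; the safe path does not.
console.log(mergeUserInput(PAYLOAD).isAdmin);            // true (inherited)
console.log(mergeUserInput(PAYLOAD, safeParse).isAdmin); // undefined
```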