Skip to content

Fix potential prototype-polluting assignment in ra-data-local-storage#10758

Merged
djhi merged 3 commits intomasterfrom
alert-autofix-52
May 28, 2025
Merged

Fix potential prototype-polluting assignment in ra-data-local-storage#10758
djhi merged 3 commits intomasterfrom
alert-autofix-52

Conversation

@fzaninotto
Copy link
Member

@fzaninotto fzaninotto commented May 27, 2025

Most JavaScript objects inherit the properties of the built-in Object.prototype object. Prototype pollution is a type of vulnerability in which an attacker is able to modify Object.prototype. Since most objects inherit from the compromised Object.prototype object, the attacker can use this to tamper with the application logic, and often escalate to remote code execution or cross-site scripting.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@fzaninotto fzaninotto changed the title Potential fix for code scanning alert no. 52: Prototype-polluting assignment Fix prototype-polluting assignment in ra-data-localstorage May 27, 2025
@fzaninotto fzaninotto marked this pull request as ready for review May 27, 2025 09:25
@fzaninotto fzaninotto changed the title Fix prototype-polluting assignment in ra-data-localstorage Fix potential prototype-polluting assignment in ra-data-local-storage May 27, 2025
@djhi djhi merged commit 853beff into master May 28, 2025
15 checks passed
@djhi djhi deleted the alert-autofix-52 branch May 28, 2025 08:43
@djhi djhi added this to the 5.8.3 milestone May 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments