Browse Source

REPORT-122294 lodash 低版本安全漏洞

master
方磊 6 months ago
parent
commit
e4aafdc056
  1. 8
      packages/fineui/src/core/1.lodash.js

8
packages/fineui/src/core/1.lodash.js

@ -14,7 +14,7 @@
var undefined; var undefined;
/** Used as the semantic version number. */ /** Used as the semantic version number. */
var VERSION = '4.17.5'; var VERSION = '4.17.21';
/** Used as the size to enable large array optimizations. */ /** Used as the size to enable large array optimizations. */
var LARGE_ARRAY_SIZE = 200; var LARGE_ARRAY_SIZE = 200;
@ -899,7 +899,7 @@
} }
/** /**
* Gets the value at `key`, unless `key` is "__proto__". * Gets the value at `key`, unless `key` is "__proto__" or "constructor".
* *
* @private * @private
* @param {Object} object The object to query. * @param {Object} object The object to query.
@ -907,6 +907,10 @@
* @returns {*} Returns the property value. * @returns {*} Returns the property value.
*/ */
function safeGet(object, key) { function safeGet(object, key) {
if (key === 'constructor' && typeof object[key] === 'function') {
return;
}
return key == '__proto__' return key == '__proto__'
? undefined ? undefined
: object[key]; : object[key];

Loading…
Cancel
Save