From 551949d8618bd164a23f8ae36a752081ee1a760f Mon Sep 17 00:00:00 2001
From: mde <mde@fleegix.org>
Date: Wed, 11 May 2022 11:54:01 -0700
Subject: [PATCH] Minor mitigation

---
 lib/utils.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lib/utils.js b/lib/utils.js
index 5aef7c82..6859abf1 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -25,6 +25,8 @@
 'use strict';
 
 var regExpChars = /[|\\{}()[\]^$+*?.]/g;
+var hasOwnProperty = Object.prototype.hasOwnProperty;
+var hasOwn = function (obj, key) { return hasOwnProperty.apply(obj, [key]); };
 
 /**
  * Escape characters reserved in regular expressions.
@@ -116,6 +118,12 @@ exports.shallowCopy = function (to, from) {
   from = from || {};
   if ((to !== null) && (to !== undefined)) {
     for (var p in from) {
+      if (!hasOwn(from, p)) {
+        continue;
+      }
+      if (p === '__proto__' || p === 'constructor') {
+        continue;
+      }
       to[p] = from[p];
     }
   }
@@ -141,6 +149,12 @@ exports.shallowCopyFromList = function (to, from, list) {
     for (var i = 0; i < list.length; i++) {
       var p = list[i];
       if (typeof from[p] != 'undefined') {
+        if (!hasOwn(from, p)) {
+          continue;
+        }
+        if (p === '__proto__' || p === 'constructor') {
+          continue;
+        }
         to[p] = from[p];
       }
     }