From 3a0283b94dab3c9d569413e187b91c4edd0e59a8 Mon Sep 17 00:00:00 2001 From: Asjid Kalam Date: Thu, 28 Jan 2021 11:09:17 +0530 Subject: [PATCH 1/2] fixed prototype pollution --- src/index.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/index.ts b/src/index.ts index d3971c8..4d3c099 100644 --- a/src/index.ts +++ b/src/index.ts @@ -176,6 +176,11 @@ export default class PTree { // Iterative deep object descent & set let obj = this.root; + + // Prototype pollution mitigation + if(segments.includes('__proto__') || segments.includes('constructor') || segments.includes('prototype')){ + return undefined; + } for (let i = 0; i < segments.length; i++) { const current = obj; From beaf496744d9c298e3dfc6ea701014d68e787f1b Mon Sep 17 00:00:00 2001 From: Asjid Kalam Date: Thu, 28 Jan 2021 11:10:15 +0530 Subject: [PATCH 2/2] Update index.js --- dist/index.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dist/index.js b/dist/index.js index 241a927..a2ba181 100644 --- a/dist/index.js +++ b/dist/index.js @@ -146,6 +146,9 @@ class PTree { set(key, value) { const segments = getSegments(key); let obj = this.root; + if(segments.includes('__proto__') || segments.includes('constructor') || segments.includes('prototype')){ + return undefined; + } for (let i = 0; i < segments.length; i++) { const current = obj; const seg = segments[i];
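Review bot: The guard added to `set()` in `src/index.ts` matches segments with `includes`, which compares by strict equality, so it only holds if `getSegments` always yields plain strings; that helper is outside the hunk, and coercing before the comparison would make the guard independent of it, e.g. `if (segments.some((s) => ['__proto__', 'constructor', 'prototype'].includes(String(s)))) {`. The rejected write also returns `undefined` silently, which a caller presumably cannot tell apart from a successful set, and it drops legitimate data keys named `constructor` or `prototype`; throwing an error or documenting the reserved names would make that visible. Only `set` is guarded in the visible lines, and the method body continues outside the hunk, so other path-walking methods should be checked for the same descent. The `dist/index.js` hunk in patch 2/2 mirrors this check, and the same points apply there.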