admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 10:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(HTTP Request Node): Fix prototype pollution vulnerability (#15463)

Browse Source
This commit is contained in:
Elias Meire
2025-05-20 15:39:33 +02:00
committed by GitHub
parent 8d1170e3dd
commit 1ffc33dcc6
6 changed files with 65 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
View File

@@ -4,6 +4,7 @@ import isPlainObject from 'lodash/isPlainObject';
import set from 'lodash/set';
import {
deepCopy,
setSafeObjectProperty,
type ICredentialDataDecryptedObject,
type IDataObject,
type INodeExecutionData,
@@ -48,7 +49,7 @@ function redact<T = unknown>(obj: T, secrets: string[]): T {
return obj.map((item) => redact(item, secrets)) as T;
} else if (isObject(obj)) {
for (const [key, value] of Object.entries(obj)) {
(obj as IDataObject)[key] = redact(value, secrets);
setSafeObjectProperty(obj, key, redact(value, secrets));
}
}