huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(security): prevent potential prototype pollution via request body filter (#1388)

Browse Source 
* fix(security): prevent potential pollution of request body being executed

* An array is expected
This commit is contained in:
Iain Sproat
2023-02-20 15:03:02 +00:00
committed by GitHub
parent 5880356396
commit 787e85605c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/modules/blobstorage/index.js
+1 -1
View File
@@ -182,7 +182,7 @@ exports.init = async (app) => {
}
const bq = await getAllStreamBlobIds({ streamId: req.params.streamId })
const unknownBlobIds = req.body.filter(
const unknownBlobIds = [...req.body].filter(
(id) => bq.findIndex((bInfo) => bInfo.id === id) === -1
)
res.send(unknownBlobIds)