Skip to main content
Version: 4.2

JointJS+ Changelog v4.2.4

util​

util – fix to guard merge(), omit(), pick(), and assign() against prototype pollution​

Fix a security issue where merge(), omit(), pick(), and assign() utility functions could be exploited via prototype pollution attacks (e.g. by passing an object with a __proto__ key).

All four functions now guard against attempts to overwrite properties on Object.prototype.