Takeshi Kaneko

icon indicating a website link https://arkark.dev

icon location Japan icon location Web Application Security

Results 3 comments of Takeshi Kaneko

fix: Fix prototype pollution issue in es-toolkit

@raon0211 Hello, I noticed this PR. In general, the denylist for prototype pollution should contain `__proto__`, `constructor`, and `prototype`. - E.g. The patched commit for GHSA-624g-8qjg-8qxf is: - https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de The...

Security Patch.

I've just noticed this issue, and I'm the author of the CTF challenge that used this library. For your reference, here is the writeup: https://blog.arkark.dev/2023/02/17/seccon-finals/#web-100-babybox Thank you for your work...

How to contact for security issues & Adding security policy

Hello, I'll check it when I have time. Thanks.