Closed
Description
as the bug https://snyk.io/vuln/npm:qs:20170213 report fixed, but the other bypass
a = qs.parse("[=toString", {allowPrototypes: false})
// { toString: true }
still exists.
{{ message }}
as the bug https://snyk.io/vuln/npm:qs:20170213 report fixed, but the other bypass
a = qs.parse("[=toString", {allowPrototypes: false})
// { toString: true }
still exists.