From a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c Mon Sep 17 00:00:00 2001
From: Mike Cebrian <michael.cebrian@gmail.com>
Date: Thu, 20 Oct 2022 15:54:33 -0400
Subject: [PATCH] fix(security): prototype polution exploit (#217)

---
 lib/parseQuery.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parseQuery.js b/lib/parseQuery.js
index fdca007..4a201a2 100644
--- a/lib/parseQuery.js
+++ b/lib/parseQuery.js
@@ -26,7 +26,7 @@ function parseQuery(query) {
   }
 
   const queryArgs = query.split(/[,&]/g);
-  const result = {};
+  const result = Object.create(null);
 
   queryArgs.forEach((arg) => {
     const idx = arg.indexOf('=');