From 0f6c19f6b4f57afd51904c3cb1d64cf9b4ed8e62 Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera
Date: Thu, 22 Oct 2020 13:44:08 +0300
Subject: [PATCH 1/2] Fix Prototype Pollution

---
 src/core.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/core.ts b/src/core.ts
index 1440fe4e..35198499 100644
--- a/src/core.ts
+++ b/src/core.ts
@@ -248,7 +248,9 @@ export function applyOperation(document: T, operation: Operation, validateOpe
 while (true) {
 key = keys[t];
- if(banPrototypeModifications && key == '__proto__') {
+ if(banPrototypeModifications &&
+ (key == '__proto__' || key == 'constructor' || key == 'prototype')
+ ) {
 throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
 }

From 7d88fd23155a7f0ef2a179f5d4f08972cafa2db9 Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera
Date: Thu, 22 Oct 2020 13:53:05 +0300
Subject: [PATCH 2/2] Enhance constructor/prototype handling

---
 src/core.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/core.ts b/src/core.ts
index 35198499..6de79385 100644
--- a/src/core.ts
+++ b/src/core.ts
@@ -247,11 +247,11 @@ export function applyOperation(document: T, operation: Operation, validateOpe
 }
 while (true) {
 key = keys[t];
- if(banPrototypeModifications &&
- (key == '__proto__' || key == 'constructor' || key == 'prototype')
+ (key == '__proto__' ||
+ (key == 'prototype' && t>0 && keys[t-1] == 'constructor'))
 ) {
- throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+ throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
 }
 if (validateOperation) {
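Review bot: The guard in this hunk inspects only the `keys` derived from the operation's destination path, so whether a `copy`/`move` whose `from` pointer is resolved by a separate walk (not visible here) applies the same `__proto__` / `constructor`→`prototype` ban cannot be confirmed from the patch; that walk needs the identical check, otherwise a value fetched from a shared prototype can be written back into the document and written through later. The narrowed condition deserves a comment so the next maintainer does not "fix" it back to patch 1/2's blanket ban: `// 'constructor' and 'prototype' are legitimate document keys; only the adjacent constructor→prototype pair (or __proto__ anywhere) reaches a shared prototype object`. The `t>0` guard also merits one word of explanation, since `keys[t-1]` would otherwise index `keys[-1]` on the first iteration. The enclosing `applyOperation` body starts and ends outside the hunk, and the same observation applies to patch 1/2's hunk.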