From c3e2ee08710d4164d796ecb66ed291335dae9291 Mon Sep 17 00:00:00 2001
From: Alin Eugen Deac <aedart@gmail.com>
Date: Fri, 28 Apr 2023 18:25:43 +0200
Subject: [PATCH] Fix possible prototype pollution

Not entirely sure how likely this will ever be for metadata, but just in case that the entire metadata record's prototype is attempted polluted, then this will prevent it.
---
 packages/support/src/meta/meta.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/support/src/meta/meta.ts b/packages/support/src/meta/meta.ts
index a1c1bc62..31a1ba71 100644
--- a/packages/support/src/meta/meta.ts
+++ b/packages/support/src/meta/meta.ts
@@ -217,7 +217,7 @@ function resolveMetadataRecord(owner: object, context: Context, useMetaFromConte
     }
 
     // Obtain record from registry, or create new empty object.
-    let metadata: MetadataRecord = registry.get(owner) ?? {};
+    let metadata: MetadataRecord = registry.get(owner) ?? Object.create(null);
 
     // In case that the owner has Symbol.metadata defined (e.g. from base class),
     // then merge it current metadata. This ensures that inheritance works as