Advisories for Npm/Form-Data-Objectizer package

2026

form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys

form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[…] causes the library to mutate Object.prototype, which is a prototype pollution primitive for the entire Node.js process. The bug is in treatInitial and treatSecond inside index.cjs:

  if (inputName in result) { // 'in' walks the prototype chain, so '__proto__' matches
    newResult = result[inputName]
    // …
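The safe way to walk such keys, as an added example that is not form-data-objectizer's own code: reject the three prototype-reaching segments outright and test membership with an own-property check instead of `in`. The names splitFormKey, objectize and FORBIDDEN_KEYS are this example's own.

```javascript
// Hardened walker for bracket-notation form keys such as "user[name]" or
// "a[b][c]" (example code, not the library's). Two defences against the bug
// described above: dangerous segments are rejected, and nested lookups use
// own-property checks so nothing is ever read from the prototype chain.

const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Split "a[b][c]" into ["a", "b", "c"]; returns null for a malformed key.
function splitFormKey(name) {
  const match = /^([^\[\]]+)((?:\[[^\[\]]*\])*)$/.exec(name);
  if (!match) return null;
  const segments = [match[1]];
  const bracketRe = /\[([^\[\]]*)\]/g;
  let m;
  while ((m = bracketRe.exec(match[2])) !== null) segments.push(m[1]);
  return segments;
}

// Build a nested object from [name, value] pairs (the shape a parsed
// multipart/urlencoded body has). Throws instead of touching Object.prototype.
function objectize(fields) {
  const result = Object.create(null); // null prototype: nothing to pollute at the root
  for (const [name, value] of fields) {
    const segments = splitFormKey(name);
    if (segments === null) throw new Error(`malformed form key: ${name}`);
    let cursor = result;
    segments.forEach((seg, i) => {
      if (FORBIDDEN_KEYS.has(seg)) {
        throw new Error(`rejected dangerous form key segment: ${seg}`);
      }
      if (i === segments.length - 1) {
        cursor[seg] = value;
        return;
      }
      // Object.hasOwn, unlike the `in` operator, ignores inherited properties.
      if (!Object.hasOwn(cursor, seg) || typeof cursor[seg] !== "object") {
        cursor[seg] = Object.create(null);
      }
      cursor = cursor[seg];
    });
  }
  return result;
}

// Constructed sample body: one benign field set, one hostile key that must be refused.
const BENIGN = [["user[name]", "alice"], ["user[roles][admin]", "false"]];
const HOSTILE = [["__proto__[polluted]", "yes"]];
```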