Resolve vulnerability: Function Call Object Injection Sink
AI GENERATED PATCH
The suggested code changes in this MR were produced by using the GitLab Duo Resolve this vulnerability feature, using AI. Before you apply the code changes, carefully review and test them, to ensure that they solve the vulnerability, don't harm the functional behaviour of your application or introduce new vulnerabilities.
The large language model that generated the suggested code changes was only provided with the affected lines of code, and the vulnerability in that code. It is not aware of any functionality outside of this context.
Description:
Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.
- Severity: Critical
- Confidence: Unknown
- Location: app/assets/javascripts/lib/utils/url_utility.js:547