From be8378d9ff548d2f32d8ec032b36aa22019fc594 Mon Sep 17 00:00:00 2001
From: alerambo
Date: Wed, 26 Oct 2022 09:40:40 +0200
Subject: [PATCH] FIX CVE-2021-20088
---
 Source/Types/String.QueryString.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Source/Types/String.QueryString.js b/Source/Types/String.QueryString.js
index e0a5c052..a8ef18b5 100644
--- a/Source/Types/String.QueryString.js
+++ b/Source/Types/String.QueryString.js
@@ -48,7 +48,7 @@ String.implement({
 if (decodeValues == null) decodeValues = true;
 var vars = this.split(/[&;]/),
- object = {};
+ object = Object.create(null);
 if (!vars.length) return object;
 vars.each(function(val){
@@ -62,7 +62,7 @@ String.implement({
 if (decodeKeys) key = decodeComponent(key);
 var current = obj[key];
- if (i < keys.length - 1) obj = obj[key] = current || {};
+ if (i < keys.length - 1) obj = obj[key] = current || Object.create(null);
 else if (typeOf(current) == 'array') current.push(value);
 else obj[key] = current != null ? [current, value] : value;
 });
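Review bot: The switch to `Object.create(null)` for `object` changes what callers get back from this method, and nothing in the hunk documents it. The returned map no longer inherits `hasOwnProperty`, `toString` or `valueOf`, so code that calls those on the result, or coerces it to a string, will now throw. I would add a comment above the declaration, for example `// null-prototype map: a query key named __proto__ or constructor is stored as a plain own property`, and mention the change in the method's documentation. The function body starts before this hunk and continues after it.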
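Review bot: `current || Object.create(null)` still reuses whatever truthy value is already stored under `key`, and the last branch in this hunk stores an ordinary array (`[current, value]`) when a key repeats. If a later parameter nests under such a key, the walk continues on that array, which keeps the normal prototype chain, so the null-prototype guarantee does not cover that path; a previously stored string is reused the same way. Reusing only containers this function created would close it: `if (i < keys.length - 1) obj = obj[key] = typeOf(current) == 'object' ? current : Object.create(null);` (this assumes `typeOf` reports 'object' for the null-prototype containers, and it replaces an earlier scalar or array under that key, so confirm that is acceptable). The diffstat shows no spec file changed, so a regression case mixing repeated and nested keys would be worth adding. The callback starts outside the hunk.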