Merge pull request #890 from javascript-obfuscator/issue-880

Fixed CVE-2019-18413

CHANGELOG.md

@@ -1,5 +1,9 @@
 Change Log
 
+v2.10.7
+---
+* Fixed CVE-2019-18413. Fixed https://github.com/javascript-obfuscator/javascript-obfuscator/issues/880
+
 v2.10.6
 ---
 * Added support of `top-level await`. Fixed https://github.com/javascript-obfuscator/javascript-obfuscator/issues/884

package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-obfuscator",
-  "version": "2.10.6",
+  "version": "2.10.7",
   "description": "JavaScript obfuscator",
   "keywords": [
     "obfuscator",

src/options/Options.ts

@@ -60,6 +60,7 @@ export class Options implements IOptions {
      * @type {ValidatorOptions}
      */
     private static readonly validatorOptions: ValidatorOptions = {
+        forbidUnknownValues: true,
         validationError: {
             target: false
         }