fix(security): prevent potential prototype pollution via request body filter (#1388)

* fix(security): prevent potential pollution of request body being executed

* An array is expected

packages/server/modules/blobstorage/index.js

@@ -182,7 +182,7 @@ exports.init = async (app) => {
       }
 
       const bq = await getAllStreamBlobIds({ streamId: req.params.streamId })
-      const unknownBlobIds = req.body.filter(
+      const unknownBlobIds = [...req.body].filter(
         (id) => bq.findIndex((bInfo) => bInfo.id === id) === -1
       )
       res.send(unknownBlobIds)