fix(security): prevent potential prototype pollution via request body filter (#1388)

* fix(security): prevent potential pollution of request body being executed * An array is expected
2023-02-20 15:03:02 +00:00 · 2023-02-20 15:03:02 +00:00 · 787e85605c
--- a/packages/server/modules/blobstorage/index.js
+++ b/packages/server/modules/blobstorage/index.js
@ -182,7 +182,7 @@ exports.init = async (app) => {
      }
      const bq = await getAllStreamBlobIds({ streamId: req.params.streamId })
-      const unknownBlobIds = req.body.filter(
+      const unknownBlobIds = [...req.body].filter(
        (id) => bq.findIndex((bInfo) => bInfo.id === id) === -1
      )
      res.send(unknownBlobIds)