From 74a05bc336718a3c203f4e1da44b4c7c225510c1 Mon Sep 17 00:00:00 2001
From: Jason Saayman
Date: Sat, 18 Apr 2026 15:15:07 +0200
Subject: [PATCH] fix(security): guard http adapter config reads against prototype pollution
---
 lib/adapters/http.js | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/adapters/http.js b/lib/adapters/http.js
index 63947ff4..9412c273 100755
--- a/lib/adapters/http.js
+++ b/lib/adapters/http.js
@@ -333,8 +333,15 @@ const http2Transport = {
 export default isHttpAdapterSupported &&
 function httpAdapter(config) {
 return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
- let { data, lookup, family, httpVersion = 1, http2Options } = config;
- const { responseType, responseEncoding } = config;
+ const own = (key) => (utils.hasOwnProp(config, key) ? config[key] : undefined);
+ let data = own('data');
+ let lookup = own('lookup');
+ let family = own('family');
+ let httpVersion = own('httpVersion');
+ if (httpVersion === undefined) httpVersion = 1;
+ let http2Options = own('http2Options');
+ const responseType = own('responseType');
+ const responseEncoding = own('responseEncoding');
 const method = config.method.toUpperCase();
 let isDone;
 let rejected = false;
@@ -679,8 +686,9 @@ export default isHttpAdapterSupported &&
 if (isHttp2) {
 transport = http2Transport;
 } else {
- if (config.transport) {
- transport = config.transport;
+ const configTransport = own('transport');
+ if (configTransport) {
+ transport = configTransport;
 } else if (config.maxRedirects === 0) {
 transport = isHttpsRequest ? https : http;
 } else {
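Review bot: `config.method` on the context line right after the new reads, and `config.maxRedirects` in the transport-selection hunk further down, are still read straight off `config`, so inherited values of those keys remain honoured while the destructured ones are not. If the intent is that no adapter option comes from the prototype chain, route them through the same helper, e.g. `} else if (own('maxRedirects') === 0) {`; if they are left alone because the merged config always carries them as own properties, that is not visible here and deserves a comment. The helper itself would benefit from a one-line comment such as `// Read own properties only: keys inherited from a polluted Object.prototype must not configure the request.` The body of dispatchHttpRequest continues outside the hunk, so other direct `config.*` reads may exist that this diff does not show.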
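Review bot: The diffstat lists only lib/adapters/http.js, so nothing pins the new `own('transport')` read against regression. A test that temporarily defines `transport` on `Object.prototype`, sends a request through the adapter, asserts the built-in http/https path was used, and restores the prototype in a `finally` would cover it. Separately, a caller whose config legitimately inherits `transport` (a class instance or an `Object.create(base)` object, for example) will now silently fall through to the default transport; whether such callers exist cannot be told from this hunk, but the behaviour change is worth a changelog line. The if/else chain continues outside the hunk.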