diff --git a/lib/helpers/formDataToJSON.js b/lib/helpers/formDataToJSON.js
index bc36d65b..6c6f7049 100644
--- a/lib/helpers/formDataToJSON.js
+++ b/lib/helpers/formDataToJSON.js
@@ -68,7 +68,7 @@ function formDataToJSON(formData) {
 return !isNumericKey;
 }
- if (!target[name] || !utils.isObject(target[name])) {
+ if (!utils.hasOwnProp(target, name) || !utils.isObject(target[name])) {
 target[name] = [];
 }
diff --git a/tests/unit/helpers/formDataToJSON.test.js b/tests/unit/helpers/formDataToJSON.test.js
index 68ab0ab3..c32a50ac 100644
--- a/tests/unit/helpers/formDataToJSON.test.js
+++ b/tests/unit/helpers/formDataToJSON.test.js
@@ -95,4 +95,25 @@ describe('formDataToJSON', () => {
 expect({}.x).toEqual(undefined);
 expect({}.y).toEqual(undefined);
 });
+
+ it('should not write through to inherited objects on Object.prototype', () => {
+ Object.defineProperty(Object.prototype, 'injected', {
+ value: { hijack: true },
+ configurable: true,
+ writable: true,
+ });
+
+ try {
+ const formData = new FormData();
+
+ formData.append('injected.hijack', 'STOLEN');
+
+ const result = formDataToJSON(formData);
+
+ expect(result.injected).toEqual({ hijack: 'STOLEN' });
+ expect(Object.prototype.injected.hijack).toBe(true);
+ } finally {
+ delete Object.prototype.injected;
+ }
+ });
 });
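Review bot: The own-property check on the `+` line keeps writes from landing on objects inherited through the prototype chain, but a path segment that is itself `__proto__` is not an own property either, so `target[name] = []` on the following line then runs as a prototype assignment on `target` rather than creating a property, and the recursion that presumably follows writes into that array. Unless a caller already rejects such segments (the enclosing function starts and ends outside the hunk, so I cannot see it), I would bail out before this check with something like `if (name === '__proto__') return true;` — the returned boolean should carry whatever meaning the `return !isNumericKey;` branch above conveys — and add a matching case next to the new test in tests/unit/helpers/formDataToJSON.test.js. A one-line comment would also record why the check changed: `// must be an own property: never reuse an inherited object (e.g. one planted on Object.prototype) as a write target`.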