fix(provider-utils): prevent unicode escape bypass in secureJsonParse by gr2m · Pull Request #13079 · vercel/ai

gr2m · 2026-03-04T23:52:40Z

Summary

Update secureJsonParse regex patterns to detect unicode-escaped variants of __proto__ and constructor keys, preventing prototype pollution bypass
Aligns with the upstream fix in fastify/secure-json-parse
Add regression tests for partial and fully unicode-escaped key variants

Security

Resolves VULN-774. The previous regex fast-path only matched literal "__proto__" and "constructor" strings. Unicode escapes (e.g., \u005f\u005fproto__) bypassed the regex gate, skipping the filter() safety check, while JSON.parse still normalized them into dangerous keys.

Test plan

Existing secureJsonParse tests pass
New tests verify unicode-escaped __proto__ is rejected
New tests verify unicode-escaped constructor is rejected
Both partial and full unicode escape variants are covered

Update regex patterns to detect unicode-escaped variants of __proto__ and constructor keys, matching the upstream fix in fastify/secure-json-parse. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ureJsonParse Align with upstream fastify/secure-json-parse by guarding against node.constructor being null or a non-object before calling hasOwnProperty on it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…#13079) ## Summary - Update `secureJsonParse` regex patterns to detect unicode-escaped variants of `__proto__` and `constructor` keys, preventing prototype pollution bypass - Aligns with the upstream fix in [fastify/secure-json-parse](https://github.com/fastify/secure-json-parse) - Add regression tests for partial and fully unicode-escaped key variants ## Security Resolves VULN-774. The previous regex fast-path only matched literal `"__proto__"` and `"constructor"` strings. Unicode escapes (e.g., `\u005f\u005fproto__`) bypassed the regex gate, skipping the `filter()` safety check, while `JSON.parse` still normalized them into dangerous keys. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

vercel-ai-sdk · 2026-03-05T00:05:34Z

✅ Backport PR created: #13083

@gr2m

…eJsonParse (#13083) This is an automated backport of #13079 to the release-v5.0 branch. FYI @gr2m Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

vercel-ai-sdk · 2026-03-05T00:31:32Z

🚀 Published in:

Package	Version
`ai`	`6.0.115`
`@ai-sdk/alibaba`	`1.0.9`
`@ai-sdk/amazon-bedrock`	`4.0.76`
`@ai-sdk/angular`	`2.0.116`
`@ai-sdk/anthropic`	`3.0.57`
`@ai-sdk/assemblyai`	`2.0.23`
`@ai-sdk/azure`	`3.0.41`
`@ai-sdk/baseten`	`1.0.37`
`@ai-sdk/black-forest-labs`	`1.0.23`
`@ai-sdk/bytedance`	`1.0.3`
`@ai-sdk/cerebras`	`2.0.38`
`@ai-sdk/cohere`	`3.0.24`
`@ai-sdk/deepgram`	`2.0.23`
`@ai-sdk/deepinfra`	`2.0.38`
`@ai-sdk/deepseek`	`2.0.23`
`@ai-sdk/elevenlabs`	`2.0.23`
`@ai-sdk/fal`	`2.0.24`
`@ai-sdk/fireworks`	`2.0.39`
`@ai-sdk/gateway`	`3.0.65`
`@ai-sdk/gladia`	`2.0.23`
`@ai-sdk/google`	`3.0.41`
`@ai-sdk/google-vertex`	`4.0.78`
`@ai-sdk/groq`	`3.0.28`
`@ai-sdk/huggingface`	`1.0.36`
`@ai-sdk/hume`	`2.0.23`
`@ai-sdk/klingai`	`3.0.7`
`@ai-sdk/langchain`	`2.0.121`
`@ai-sdk/llamaindex`	`2.0.115`
`@ai-sdk/lmnt`	`2.0.23`
`@ai-sdk/luma`	`2.0.23`
`@ai-sdk/mcp`	`1.0.24`
`@ai-sdk/mistral`	`3.0.23`
`@ai-sdk/moonshotai`	`2.0.9`
`@ai-sdk/open-responses`	`1.0.5`
`@ai-sdk/openai`	`3.0.40`
`@ai-sdk/openai-compatible`	`2.0.34`
`@ai-sdk/perplexity`	`3.0.22`
`@ai-sdk/prodia`	`1.0.20`
`@ai-sdk/provider-utils`	`4.0.18`
`@ai-sdk/react`	`3.0.117`
`@ai-sdk/replicate`	`2.0.23`
`@ai-sdk/revai`	`2.0.23`
`@ai-sdk/rsc`	`2.0.115`
`@ai-sdk/svelte`	`4.0.115`
`@ai-sdk/togetherai`	`2.0.38`
`@ai-sdk/valibot`	`2.0.19`
`@ai-sdk/vercel`	`2.0.36`
`@ai-sdk/vue`	`3.0.115`
`@ai-sdk/xai`	`3.0.66`

fix(provider-utils): prevent unicode escape bypass in secureJsonParse

7993293

Update regex patterns to detect unicode-escaped variants of __proto__ and constructor keys, matching the upstream fix in fastify/secure-json-parse. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

github-actions bot assigned gr2m Mar 4, 2026

tigent bot added ai/provider related to a provider package. Must be assigned together with at least one `provider/*` label bug Something isn't working as documented labels Mar 4, 2026

vercel bot deployed to Preview March 4, 2026 23:53 View deployment

gr2m marked this pull request as ready for review March 4, 2026 23:56

vercel bot deployed to Preview March 4, 2026 23:57 View deployment

vercel-ai-sdk bot approved these changes Mar 4, 2026

View reviewed changes

gr2m enabled auto-merge (squash) March 5, 2026 00:02

gr2m merged commit 824b295 into main Mar 5, 2026
26 checks passed

gr2m deleted the fix/secure-json-parse-unicode-bypass branch March 5, 2026 00:04

vercel-ai-sdk bot mentioned this pull request Mar 5, 2026

Backport: fix(provider-utils): prevent unicode escape bypass in secureJsonParse #13083

Merged

vercel-ai-sdk bot removed the backport Admins only: add this label to a pull request in order to backport it to the prior version label Mar 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(provider-utils): prevent unicode escape bypass in secureJsonParse#13079

fix(provider-utils): prevent unicode escape bypass in secureJsonParse#13079
gr2m merged 2 commits intomainfrom
fix/secure-json-parse-unicode-bypass

gr2m commented Mar 4, 2026

Uh oh!

Uh oh!

vercel-ai-sdk bot commented Mar 5, 2026

Uh oh!

vercel-ai-sdk bot commented Mar 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

gr2m commented Mar 4, 2026

Summary

Security

Test plan

Uh oh!

Uh oh!

vercel-ai-sdk bot commented Mar 5, 2026

Uh oh!

vercel-ai-sdk bot commented Mar 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant