JSONPath-Plus
diff --git a/‎CHANGES.md
Lines changed: 4 additions & 0 deletions b/‎CHANGES.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎dist/index-browser-esm.js
Lines changed: 3 additions & 0 deletions b/‎dist/index-browser-esm.js
Lines changed: 3 additions & 0 deletions
diff --git a/‎dist/index-browser-esm.min.js
Lines changed: 1 addition & 1 deletion b/‎dist/index-browser-esm.min.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/index-browser-esm.min.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/index-browser-esm.min.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/index-browser-umd.cjs
Lines changed: 3 additions & 0 deletions b/‎dist/index-browser-umd.cjs
Lines changed: 3 additions & 0 deletions
diff --git a/‎dist/index-browser-umd.min.cjs
Lines changed: 1 addition & 1 deletion b/‎dist/index-browser-umd.min.cjs
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/index-browser-umd.min.cjs.map
Lines changed: 1 addition & 1 deletion b/‎dist/index-browser-umd.min.cjs.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/index-node-cjs.cjs
Lines changed: 3 additions & 0 deletions b/‎dist/index-node-cjs.cjs
Lines changed: 3 additions & 0 deletions
diff --git a/‎dist/index-node-esm.js
Lines changed: 3 additions & 0 deletions b/‎dist/index-node-esm.js
Lines changed: 3 additions & 0 deletions
diff --git a/‎package.json
Lines changed: 1 addition & 1 deletion b/‎package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Safe-Script.js
Lines changed: 3 additions & 0 deletions b/‎src/Safe-Script.js
Lines changed: 3 additions & 0 deletions
@@ -1,5 +1,9 @@
 # CHANGES for jsonpath-plus
 
+## 10.0.3
+
+- fix(security): prevent binding of Function calls which may evade detection
+
 ## 10.0.2
 
 - fix(security): prevent Function calls outside of member expressions
 
@@ -1296,6 +1296,9 @@ const SafeEval = {
     const obj = SafeEval.evalAst(ast.object, subs);
     const result = obj[prop];
     if (typeof result === 'function') {
+      if (obj === Function && prop === 'bind') {
+        throw new Error('Function.prototype.bind is disabled');
+      }
       if (result === Function) {
         return result; // Don't bind so can identify and throw later
       }
 
@@ -1302,6 +1302,9 @@
 	    const obj = SafeEval.evalAst(ast.object, subs);
 	    const result = obj[prop];
 	    if (typeof result === 'function') {
+	      if (obj === Function && prop === 'bind') {
+	        throw new Error('Function.prototype.bind is disabled');
+	      }
 	      if (result === Function) {
 	        return result; // Don't bind so can identify and throw later
 	      }
 
@@ -1297,6 +1297,9 @@ const SafeEval = {
     const obj = SafeEval.evalAst(ast.object, subs);
     const result = obj[prop];
     if (typeof result === 'function') {
+      if (obj === Function && prop === 'bind') {
+        throw new Error('Function.prototype.bind is disabled');
+      }
       if (result === Function) {
         return result; // Don't bind so can identify and throw later
       }
 
@@ -1295,6 +1295,9 @@ const SafeEval = {
     const obj = SafeEval.evalAst(ast.object, subs);
     const result = obj[prop];
     if (typeof result === 'function') {
+      if (obj === Function && prop === 'bind') {
+        throw new Error('Function.prototype.bind is disabled');
+      }
       if (result === Function) {
         return result; // Don't bind so can identify and throw later
       }
 
@@ -1,7 +1,7 @@
 {
   "author": "Stefan Goessner",
   "name": "jsonpath-plus",
-  "version": "10.0.2",
+  "version": "10.0.3",
   "type": "module",
   "bin": {
     "jsonpath": "./bin/jsonpath-cli.js",
 
@@ -111,6 +111,9 @@ const SafeEval = {
         const obj = SafeEval.evalAst(ast.object, subs);
         const result = obj[prop];
         if (typeof result === 'function') {
+            if (obj === Function && prop === 'bind') {
+                throw new Error('Function.prototype.bind is disabled');
+            }
             if (result === Function) {
                 return result; // Don't bind so can identify and throw later
             }
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"author": "Stefan Goessner",`
`3`	`3`	`"name": "jsonpath-plus",`
`4`		`- "version": "10.0.2",`
	`4`	`+ "version": "10.0.3",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"bin": {`
`7`	`7`	`"jsonpath": "./bin/jsonpath-cli.js",`