ljharb / qs

A querystring parser with nesting support

A question about CVE-2022-24999

heheda1212138 opened this issue · comments

Hi, I'm looking at the CVE-2022-24999 vulnerability, but I'm confused about how Prototype Pollution is caused. I read the source code, and I think the [hasOwnProperty] function has filtered the '__proto__' attribution, and even if I set 'allowPrototype' as true, it will assign an object to '__proto__', so it won't cause Prototype Pollution.
So, if you can give me some hint, I'll appreciate it very much!

As you can see from the linked PR, #428, it's not actually "prototype pollution" in that it doesn't pollute any shared [[Prototype]] objects - but it can pollute the prototype of the resulting parsed object, which can cause bugs in server code.
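
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not qs source code: a toy builder shows a `__proto__` key replacing the prototype of one parsed object while `Object.prototype` stays untouched, next to a hardened variant and a check for the condition. The names `buildNested`, `skipProtoKeys` and `hasForeignPrototype` and the sample key are assumptions made for illustration.

```javascript
'use strict';
// Added illustration: buildNested() is a hypothetical toy, not qs source code.
// It builds the nested object for one "a[b][c]=value" pair from the inside out.
function buildNested(key, value, { skipProtoKeys = false } = {}) {
  const path = key.split(/[\[\]]+/).filter(Boolean); // "a[b][c]" -> ["a", "b", "c"]
  let leaf = value;
  for (let i = path.length - 1; i >= 0; i--) {
    const segment = path[i];
    // Hardened variant: drop the pair if a segment names a member of Object.prototype.
    if (skipProtoKeys && Object.prototype.hasOwnProperty.call(Object.prototype, segment)) {
      return {};
    }
    const obj = {};
    // For the segment "__proto__" this assignment runs the inherited setter:
    // no own property is created, obj's prototype becomes `leaf` instead.
    obj[segment] = leaf;
    leaf = obj;
  }
  return leaf;
}

// Detection check for parsed output: true if any nested object inherits from
// something other than Object.prototype or null. (The toy builds only plain
// objects, so arrays are not special-cased here.)
function hasForeignPrototype(value) {
  if (typeof value !== 'object' || value === null) return false;
  const proto = Object.getPrototypeOf(value);
  if (proto !== Object.prototype && proto !== null) return true;
  return Object.values(value).some(hasForeignPrototype);
}

// Constructed sample input, not taken from the issue or the linked PR.
const parsed = buildNested('a[__proto__][b]', 'c');
console.log('own keys of parsed.a:', Object.keys(parsed.a));   // no own keys
console.log('inherited parsed.a.b:', parsed.a.b);              // visible via the prototype
console.log('unrelated object ({}).b:', ({}).b);               // shared prototype untouched
console.log('flagged by check:', hasForeignPrototype(parsed));

const hardened = buildNested('a[__proto__][b]', 'c', { skipProtoKeys: true });
console.log('hardened result flagged:', hasForeignPrototype(hardened));
```

Server code that reads `parsed.a.b` or iterates with `for...in` sees the inherited value, while code that uses `Object.keys` or an own-property check does not, which is the kind of inconsistency that leads to bugs.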