diff --git a/src/index.js b/src/index.js
index 27617fb..794b2e5 100644
--- a/src/index.js
+++ b/src/index.js
@@ -6,8 +6,17 @@ export default function klona(x) {
 	if (str === '[object Object]') {
 		tmp = {};
 		for (k in x) {
+			if (k === '__proto__') {
+				Object.defineProperty(tmp, k, {
+					value: klona(x[k]),
+					configurable: 1,
+					enumerable: 1,
+					writable: 1,
+				});
+			} else {
 			tmp[k] = klona(x[k]);
 		}
+		}
 		return tmp;
 	}
diff --git a/test/index.js b/test/index.js
index f072966..8c4835f 100644
--- a/test/index.js
+++ b/test/index.js
@@ -99,6 +99,7 @@ test('constructor :: pollution', t => {
 	);
 	t.not(({})['a0'], true, 'Safe POJO');
+	t.not(new Object()['a0'], true, 'Safe Object');
 	t.not(input['a0'], true, 'Safe input');
 	t.not(output['a0'], true, 'Safe output');
@@ -106,9 +107,9 @@ test('constructor :: pollution', t => {
 });
+// @see https://snyk.io/vuln/SNYK-JS-LODASH-450202
 test('prototype :: pollution', t => {
 	const payload = '{"__proto__":{"a0":true}}';
-
 	const input = JSON.parse(payload);
 	const output = klona(input);
@@ -118,6 +119,7 @@ test('prototype :: pollution', t => {
 	);
 	t.not(({})['a0'], true, 'Safe POJO');
+	t.not(new Object()['a0'], true, 'Safe Object');
 	t.not(input['a0'], true, 'Safe input');
 	t.not(output['a0'], true, 'Safe output');
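Review bot: The descriptor in the new `__proto__` branch of the src/index.js hunk sets `configurable`, `enumerable` and `writable` to `1` instead of `true`; it works because the flags are coerced to booleans, but it reads like a bit mask and hides the intent of a security fix. I would write `configurable: true, enumerable: true, writable: true,` and re-indent the `else` body `tmp[k] = klona(x[k]);`, which the hunk leaves at its pre-change depth so the new nesting is hard to follow by eye. A short comment on the branch would tell the next reader why the assignment was replaced: `// write '__proto__' as an own data property; plain assignment would hit the Object.prototype.__proto__ setter and change tmp's prototype instead of copying the key`. The rest of klona, including the array and constructor paths, is outside this hunk, so whether those paths need the same treatment cannot be judged from here.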
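Review bot: The `prototype :: pollution` test in the last hunk of test/index.js (and the `constructor :: pollution` test at @@ -99) only asserts that no object observes `a0`, so it would also pass if the `__proto__` key were silently dropped, which is not what the new branch in src/index.js implements. Unless the lines between the hunks already cover it (the test body is partly outside this hunk), add a check that the key survives as an own data property, e.g. `t.not(Object.getOwnPropertyDescriptor(output, '__proto__'), undefined, 'own __proto__ key kept');`, and one that `Object.getPrototypeOf(output)` is still `Object.prototype`. The added `new Object()['a0']` assertion is redundant with the `({})['a0']` line above it, since both create a plain object with the same prototype; keeping it is harmless but it does not widen coverage.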