diff --git a/packages/node_modules/pouchdb-utils/src/clone.js b/packages/node_modules/pouchdb-utils/src/clone.js
index fe4cf10bc0..294b91d10a 100644
--- a/packages/node_modules/pouchdb-utils/src/clone.js
+++ b/packages/node_modules/pouchdb-utils/src/clone.js
@@ -36,10 +36,13 @@ function clone(object) {
 newObject = {};
 for (i in object) {
 /* istanbul ignore else */
- if (Object.prototype.hasOwnProperty.call(object, i)) {
+ if (Object.prototype.hasOwnProperty.call(object, i) && i !== '__proto__') {
 var value = clone(object[i]);
 if (typeof value !== 'undefined') {
 newObject[i] = value;
+ Object.defineProperty(newObject, i, {
+ value, writable: true, enumerable: true, configurable: true
+ });
 }
 }
 }
diff --git a/tests/unit/test.utils.js b/tests/unit/test.utils.js
index 88402a4498..79ae65f80f 100644
--- a/tests/unit/test.utils.js
+++ b/tests/unit/test.utils.js
@@ -7,6 +7,7 @@ var normalizeDdocFunctionName = PouchDB.utils.normalizeDdocFunctionName;
 var parseDdocFunctionName = PouchDB.utils.parseDdocFunctionName;
 var createError = PouchDB.utils.createError;
 var errors = PouchDB.Errors;
+var clone = PouchDB.utils.clone;

 describe('test.utils.js', function () {
 describe('the design doc function name normalizer', function () {
@@ -44,4 +45,11 @@ describe('test.utils.js', function () {
 newError.reason.should.equal('love needs no message');
 });
 });
+ describe('clone without __proto__', function () {
+ it ('clones', function () {
+ const input = '{ "__proto__": { "a": 1 } }';
+ const output = clone(JSON.parse(input));
+ Object.getPrototypeOf(output).should.equal(Object.prototype);
+ });
+ });
 });
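Review bot: In the clone.js hunk the existing `newObject[i] = value;` stays as a context line directly above the added `Object.defineProperty(newObject, i, {...})`, so every property is written twice and the two mitigations overlap. With the `i !== '__proto__'` guard in place the key never reaches either write, so the defineProperty call adds nothing; if the guard were ever relaxed, the retained assignment would still go through the `__proto__` setter and replace the clone's prototype with caller-supplied data before defineProperty runs. I would pick one approach: keep the guard and drop the three defineProperty lines, or drop both the guard and the assignment so an own `__proto__` key survives as plain data. Whichever stays deserves a comment such as `// an own '__proto__' key (e.g. from JSON.parse) must not be assigned: it would replace the clone's prototype`. The guard also silently omits that key from the clone, which callers may not expect; clone() starts and ends outside this hunk.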
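Review bot: The test added in the last hunk of tests/unit/test.utils.js pins only the top-level prototype, so it does not state whether clone() is meant to drop an own `__proto__` key or keep it as data, and it does not cover a nested occurrence. Adding `Object.prototype.hasOwnProperty.call(output, '__proto__').should.equal(false);` would fix the contract that the guard in clone.js implements, and a second case with input `'{ "x": { "__proto__": { "a": 1 } } }'` would exercise the recursive path. The title `'clones'` could say what is being checked, for example `'does not take its prototype from an own __proto__ key'`.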