diff --git a/lib/handlebars/helpers/lookup.js b/lib/handlebars/helpers/lookup.js
index a52e77a04..dcd585178 100644
--- a/lib/handlebars/helpers/lookup.js
+++ b/lib/handlebars/helpers/lookup.js
@@ -1,5 +1,11 @@
 export default function(instance) {
   instance.registerHelper('lookup', function(obj, field) {
-    return obj && obj[field];
+    if (!obj) {
+      return obj;
+    }
+    if (field === 'constructor' && !obj.propertyIsEnumerable(field)) {
+      return undefined;
+    }
+    return obj[field];
   });
 }
diff --git a/spec/security.js b/spec/security.js
index 12b96e629..4a7d83773 100644
--- a/spec/security.js
+++ b/spec/security.js
@@ -2,12 +2,16 @@ describe('security issues', function() {
     describe('GH-1495: Prevent Remote Code Execution via constructor', function() {
         it('should not allow constructors to be accessed', function() {
             shouldCompileTo('{{constructor.name}}', {}, '');
+            shouldCompileTo('{{lookup (lookup this "constructor") "name"}}', {}, '');
         });
 
         it('should allow the "constructor" property to be accessed if it is enumerable', function() {
             shouldCompileTo('{{constructor.name}}', {'constructor': {
                 'name': 'here we go'
             }}, 'here we go');
+            shouldCompileTo('{{lookup (lookup this "constructor") "name"}}', {'constructor': {
+                'name': 'here we go'
+            }}, 'here we go');
         });
 
         it('should allow prototype properties that are not constructors', function() {
@@ -23,6 +27,9 @@ describe('security issues', function() {
 
             shouldCompileTo('{{#with this as |obj|}}{{obj.abc}}{{/with}}',
                 new TestClass(), 'xyz');
+            shouldCompileTo('{{#with this as |obj|}}{{lookup obj "abc"}}{{/with}}',
+                new TestClass(), 'xyz');
+
         });
     });
 });