Description

Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.

Remediation

References

https://hackerone.com/reports/778414

Related Vulnerabilities

CVE-2021-43306 Vulnerability in maven package org.webjars.bower:jquery-validation

CVE-2022-24847 Vulnerability in maven package org.geoserver.community:gs-jdbcconfig

CVE-2019-12041 Vulnerability in maven package org.webjars:remarkable

CVE-2023-39154 Vulnerability in maven package com.qualys.plugins:qualys-was

CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.r5

Severity

Critical

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory