Description

Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.

Remediation

References

https://hackerone.com/reports/778414

Related Vulnerabilities

CVE-2021-23431 Vulnerability in npm package joplin

CVE-2018-11696 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2021-43306 Vulnerability in maven package org.webjars:jquery-validation

CVE-2023-30363 Vulnerability in npm package vconsole

CVE-2023-25194 Vulnerability in maven package org.apache.kafka:kafka-clients

Severity

Critical

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory