Description
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
Remediation
References
https://hackerone.com/reports/778414
Related Vulnerabilities
CVE-2021-4133 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-45279 Vulnerability in maven package org.yamcs:yamcs-core
CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc
CVE-2019-20149 Vulnerability in maven package org.webjars.npm:kind-of
CVE-2021-40660 Vulnerability in maven package org.javadelight:delight-nashorn-sandbox