Description
A flaw in input validation in the npm package klona, version 1.1.0 and earlier, may allow a prototype pollution attack that may result in remote code execution or denial of service in applications using klona.
Remediation
References
https://hackerone.com/reports/778414
Related Vulnerabilities
CVE-2022-1233 Vulnerability in maven package org.webjars.bower:urijs
CVE-2022-25892 Vulnerability in npm package muhammara
CVE-2021-29451 Vulnerability in maven package com.manydesigns:portofino-core
CVE-2023-5245 Vulnerability in maven package ml.combust.bundle:bundle-ml_2.12
CVE-2021-20323 Vulnerability in maven package org.keycloak:keycloak-core