Description
A flaw in input validation in the npm package klona, version 1.1.0 and earlier, may allow a prototype pollution attack that may result in remote code execution or denial of service in applications using klona.
Remediation
References
https://hackerone.com/reports/778414
Related Vulnerabilities
CVE-2023-32695 Vulnerability in npm package socket.io-parser
CVE-2023-37908 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-xml
CVE-2022-25352 Vulnerability in npm package libnested
CVE-2022-2047 Vulnerability in maven package org.eclipse.jetty:jetty-http
CVE-2022-43428 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test