CVE-2020-8125 – klona

Package

Manager: npm
Name: klona
Vulnerable Version: >=0 <1.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01074 pctl0.76946

Details

Improper Input Validation in klona Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.

Metadata

Created: 2021-04-13T15:41:24Z
Modified: 2021-03-30T16:22:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-8f89-2fwj-5v5r/GHSA-8f89-2fwj-5v5r.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-8f89-2fwj-5v5r
Finding: F184
Auto approve: 1