GHSA-4r97-78gf-q24v – klona

Package

Manager: npm
Name: klona
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Prototype Pollution in klona ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8f89-2fwj-5v5r. This link is maintained to preserve external references. ## Original Description Versions of `klona` prior to 1.1.1 are vulnerable to prototype pollution. The package does not restrict the modification of an Object's prototype when cloning objects, which may allow an attacker to add or modify an existing property that will exist on all objects. ## Recommendation Upgrade to version 1.1.1 or later.

Metadata

Created: 2020-09-04T17:53:27Z
Modified: 2025-07-18T19:42:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-4r97-78gf-q24v/GHSA-4r97-78gf-q24v.json
CWE IDs: ["CWE-1321"]
Alternative ID: N/A
Finding: F390
Auto approve: 1