CVE-2020-8125

CRITICAL

klona < 1.1.0 - Prototype Pollution via Input Validation Flaw


Description

A flaw in input validation in the npm package klona version 1.1.0 and earlier may allow a prototype pollution attack that may result in remote code execution or denial of service in applications using klona.

References (1)

Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/778414

Scores

CVSS v3 9.8
EPSS 0.0412
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
klona_project/klona < 1.1.0
npm/klona 0 - 1.1.1 (npm)
Published Feb 04, 2020
Tracked Since Feb 18, 2026