CVE-2020-8125
CRITICALklona < 1.1.0 - Prototype Pollution via Input Validation Flaw
Title source: llmDescription
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
References (1)
Core 1
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/778414
Scores
CVSS v3
9.8
EPSS
0.0412
EPSS Percentile
89.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
klona_project/klona
< 1.1.0
npm/klona
0 - 1.1.1npm
Published
Feb 04, 2020
Tracked Since
Feb 18, 2026