Description

Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.

Remediation

References

https://hackerone.com/reports/778414

Related Vulnerabilities

CVE-2022-0764 Vulnerability in npm package strapi

CVE-2020-17527 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war

CVE-2021-41973 Vulnerability in maven package org.apache.mina:mina-http

CVE-2022-25842 Vulnerability in maven package com.alibaba.oneagent:one-java-agent-plugin

Severity

Critical

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory