CVE-2020-8125

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8125

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8125.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-8125

Aliases

GHSA-8f89-2fwj-5v5r

Published

2020-02-04T20:15:14Z

Modified

2025-01-14T08:40:16.925907Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.

References

https://hackerone.com/reports/778414

Affected packages

Git / github.com/lukeed/klona

Affected ranges

Type: GIT
Repo: https://github.com/lukeed/klona
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c969b506c4ecf5677050b671ae65e87e49f4facb

Affected versions

v1.*

v1.0.0

v1.1.0