CVE-2020-8125

EUVD-2021-0798
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
klona_projectklona
𝑥
≤ 1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://hackerone.com/reports/778414
https://hackerone.com/reports/778414