Search criteria
1 vulnerability by klona_project
CVE-2020-8125 (GCVE-0-2020-8125)
Vulnerability from cvelistv5 – Published: 2020-02-04 19:08 – Updated: 2024-08-04 09:48
VLAI?
Summary
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | klona npm module |
Affected:
Fixed Version: v1.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/778414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "klona npm module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed Version: v1.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T19:08:56",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/778414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "klona npm module",
"version": {
"version_data": [
{
"version_value": "Fixed Version: v1.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/778414",
"refsource": "MISC",
"url": "https://hackerone.com/reports/778414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8125",
"datePublished": "2020-02-04T19:08:56",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}