CVE-2020-8125
Improper Input Validation in klona
Severity: 9.8 CRITICAL (CVSS 3.1)
EPSS: 1.1%
Description
A flaw in input validation in the npm package klona, version 1.1.0 and earlier, may allow a prototype pollution attack that may result in remote code execution or denial of service in applications using klona.
How to fix CVE-2020-8125
To remediate CVE-2020-8125, upgrade the affected package to the fixed version listed below.
- npm/klona: upgrade to 1.1.1 or later
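klona is often pulled in transitively, so the upgrade has to cover every copy in the dependency tree. The following added example (not part of the advisory or of klona itself) scans a parsed package-lock.json for klona installs below 1.1.1; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find klona installs in the affected range (< 1.1.1)
// in a parsed package-lock.json. Handles lockfileVersion 1 (nested
// "dependencies") and 2/3 (flat "packages" keyed by install path).
const FIXED = [1, 1, 1]; // first fixed version, taken from the advisory

function isAffected(version) {
  // Compares the numeric major.minor.patch core; prerelease tags are ignored
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || "");
  if (!m) return false; // non-semver spec (git URL, tarball): review by hand
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly 1.1.1
}

function findAffectedKlona(lock) {
  const hits = [];
  // v2/v3: keys look like "node_modules/a/node_modules/klona"
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/klona$/.test(path) && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // v1: walk the nested dependency tree, rebuilding the install path
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "klona" && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // avoid double-counting in v2
  return hits;
}

// Constructed sample lockfile (not from a real project)
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/klona": { version: "2.0.4" },
    "node_modules/some-loader/node_modules/klona": { version: "1.1.0" },
  },
};
console.log(findAffectedKlona(sampleLock));
```

To check a real project, pass the result of JSON.parse on its package-lock.json to findAffectedKlona; each hit shows which parent package still pins an affected copy.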
Is CVE-2020-8125 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/klona: from 0, < 1.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |