Prototype Pollution in klona

2020-09-04T17:53:27
ID GHSA-4R97-78GF-Q24V
Type github
Reporter GitHub Advisory Database
Modified 2020-09-04T17:53:27

Description

Versions of klona prior to 1.1.1 are vulnerable to prototype pollution. The package does not restrict the modification of an Object's prototype when cloning objects, which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

Upgrade to version 1.1.1 or later.