I would like to report Prototype pollution in klona
It allows adding arbitrary properties to the prototype while deep cloning an object.
module name: klona
version: <1.1.1
npm page: https://www.npmjs.com/package/klona
A tiny (366B) and fast utility to “deep clone” Objects, Arrays, Dates, RegExps, and more!
356 weekly downloads
See: https://snyk.io/vuln/SNYK-JS-LODASH-450202
Described here: https://github.com/lukeed/klona/pull/11/files
Note:
This vulnerability was reported directly to owner here https://github.com/lukeed/klona/pull/11 on 10/01/2020.
Fix published in v1.1.1 on 15/01/2020
Denial of Service and possible Remote code execution by overriding object’s property methods like toString
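
The mechanism behind this class of bug, as an added example that is not part of the original report and is not klona's source: `naiveClone`, `safeClone`, `hasDefaultPrototype` and `demo` are hypothetical helpers, and the input is a constructed sample. It shows a clone that assigns every key directly next to one that stores `__proto__` as ordinary data, plus a check that flags a clone whose prototype was replaced.

```javascript
// Added illustration: hypothetical clone helpers, not klona's source.

// Naive recursive clone: copies every enumerable key with plain assignment.
function naiveClone(x) {
  if (x === null || typeof x !== 'object') return x;
  if (Array.isArray(x)) return x.map((v) => naiveClone(v));
  const out = {};
  for (const k in x) {
    // When k is "__proto__", this assignment hits the inherited setter on
    // Object.prototype and replaces out's prototype instead of storing data.
    out[k] = naiveClone(x[k]);
  }
  return out;
}

// Hardened clone: own keys only, "__proto__" stored as a plain data property.
function safeClone(x) {
  if (x === null || typeof x !== 'object') return x;
  if (Array.isArray(x)) return x.map((v) => safeClone(v));
  const out = {};
  for (const k of Object.keys(x)) {
    Object.defineProperty(out, k, {
      value: safeClone(x[k]),
      writable: true, enumerable: true, configurable: true,
    });
  }
  return out;
}

// Defender-side check: does a cloned plain object still have the default prototype?
function hasDefaultPrototype(obj) {
  return Object.getPrototypeOf(obj) === Object.prototype;
}

// Constructed sample input: JSON.parse creates "__proto__" as an own key.
const sample = JSON.parse('{"name":"a","__proto__":{"toString":"not a function"}}');

function demo() {
  const bad = naiveClone(sample);
  const good = safeClone(sample);
  let badStringifies = true;
  try { String(bad); } catch (e) { badStringifies = false; } // TypeError
  return {
    badProto: hasDefaultPrototype(bad),   // prototype was replaced by input data
    goodProto: hasDefaultPrototype(good), // prototype left untouched
    badStringifies,                       // inherited toString is no longer callable
    goodStringifies: String(good) === '[object Object]',
  };
}
```
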