CVE-2020-8125: Improper Input Validation

February 4, 2020 (updated February 6, 2020)

Flaw in input validation in npm package klona version may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.

References

nvd.nist.gov/vuln/detail/CVE-2020-8125

Code Behaviors & Features

Detect and mitigate CVE-2020-8125 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →