Versions of klona prior to 1.1.1 are vulnerable to prototype pollution. The package does not restrict the modification of an Object's prototype when cloning objects, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade to version 1.1.1 or later.
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8f89-2fwj-5v5r. This link is maintained to preserve external references. Original Description Versions of klona prior to 1.1.1 are vulnerable to prototype pollution. The package does not restrict the modification of an Object's prototype when cloning objects, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade to …
Flaw in input validation in npm package klona version may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.