{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T00:21:51.933","vulnerabilities":[{"cve":{"id":"CVE-2020-8125","sourceIdentifier":"support@hackerone.com","published":"2020-02-04T20:15:14.620","lastModified":"2026-06-17T03:25:54.273","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona."},{"lang":"es","value":"Un fallo en la comprobación de entrada en el paquete npm klona versión 1.1.0 y anteriores, puede permitir un ataque de contaminación prototipo que puede resultar en una ejecución de código remota o una denegación de servicio de aplicaciones que utilizan klona."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"n/a","product":"klona npm module","versions":[{"version":"Fixed Version: v1.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:klona_project:klona:*:*:*:*:*:node.js:*:*","versionEndIncluding":"1.1.0","matchCriteriaId":"396A49A5-EFED-4C00-9F66-425D4DE1112B"}]}]}],"references":[{"url":"https://hackerone.com/reports/778414","source":"support@hackerone.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/778414","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}