[klona] Prototype pollution

I would like to report Prototype pollution in klona It allows adding arbitrary property to Prototype while deep cloning an object # Module **module name:** klona **version:** <1.1.1 **npm page:** `https://www.npmjs.com/package/klona` ## Module Description A tiny (366B) and fast utility to "deep clone" Objects, Arrays, Dates, RegExps, and more! ## Module Stats 356 weekly downloads # Vulnerability ## Vulnerability Description See: https://snyk.io/vuln/SNYK-JS-LODASH-450202 ## Steps To Reproduce: Described here: https://github.com/lukeed/klona/pull/11/files Note: This vulnerability was reported directly to owner here https://github.com/lukeed/klona/pull/11 on 10/01/2020. Fix published in v1.1.1 on 15/01/2020 # Wrap up - I contacted the maintainer to let them know: Y - I opened an issue in the related repository: Y > Hunter's comments and funny memes goes here {F690469} ## Impact Denial of Service and possible Remote code execution by overriding object's property methods like `toString`