
Skyn3T

#15625 of 53,625
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2020-19962
9.8
2020-02-04
Npm · Klona · CVE-2020-8125
**Name of the Vulnerable Software and Affected Versions**
klona versions 1.1.0 and earlier

**Description**
A flaw in input validation in the npm package klona may allow a prototype pollution attack, potentially resulting in remote code execution or denial of service of applications using klona.

**Recommendations**
For klona versions 1.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2019-17702
7.5
2019-09-13
Twitter · Bower · CVE-2019-5484
**Name of the Vulnerable Software and Affected Versions**
bower versions prior to 1.8.8

**Description**
The issue allows for a path traversal vulnerability, enabling file write in arbitrary locations via the install command. This occurs because bower does not verify that extracted symbolic links do not resolve to targets outside of the extraction root directory, permitting attackers to write arbitrary files when a malicious package is extracted.

**Recommendations**
Update to version 1.8.8 or later.