Description
Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.
Remediation
References
https://github.com/kvz/locutus/pull/418/
https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675
Related Vulnerabilities
CVE-2020-35491 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-23518 Vulnerability in npm package cached-path-relative
CVE-2021-32827 Vulnerability in maven package org.mock-server:mockserver-core
CVE-2020-7656 Vulnerability in maven package org.fujion.webjars:jquery
CVE-2020-7760 Vulnerability in maven package org.webjars.bower:codemirror