Description
Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.
Remediation
References
https://github.com/kvz/locutus/pull/418/
https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675
Related Vulnerabilities
CVE-2021-27524 Vulnerability in npm package braft-editor
CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.layui:layui
CVE-2013-1880 Vulnerability in maven package org.apache.activemq:activemq-web
CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_2.13
CVE-2022-36437 Vulnerability in maven package com.hazelcast.jet:hazelcast-jet