Description
Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.
Remediation
References
https://github.com/kvz/locutus/pull/418/
https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675
Related Vulnerabilities
CVE-2022-0672 Vulnerability in maven package org.eclipse.lemminx:lemminx-parent
CVE-2022-24814 Vulnerability in npm package directus
CVE-2018-16492 Vulnerability in maven package org.webjars.npm:extend
CVE-2021-29620 Vulnerability in maven package com.epam.reportportal:service-api
CVE-2023-4043 Vulnerability in maven package org.eclipse.parsson:parsson