Description
Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.
Remediation
References
https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675
https://github.com/kvz/locutus/pull/418/
Related Vulnerabilities
CVE-2015-8857 Vulnerability in npm package uglify-js
CVE-2022-37724 Vulnerability in maven package wonder.utilities:utilities
CVE-2018-16492 Vulnerability in npm package extend
CVE-2020-36649 Vulnerability in npm package papaparse
CVE-2018-14042 Vulnerability in maven package org.fujion.webjars:bootstrap