Filtered by vendor Locutus
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25521 | 1 Locutus | 1 Locutus | 2026-02-20 | N/A | 8.8 HIGH |
| Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using String.prototype. This issue has been patched in version 2.0.39. | |||||
| CVE-2021-23392 | 1 Locutus | 1 Locutus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. | |||||
| CVE-2020-7719 | 1 Locutus | 1 Locutus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function. | |||||
| CVE-2020-13619 | 1 Locutus | 1 Locutus Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution. | |||||
