Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Locutus is vulnerable to Prototype Pollution
Vulnerability Description
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using String.prototype. This issue has been patched in version 2.0.39.
CVSS Information
N/A
Vulnerability Type
CWE-1321
Vulnerability Title
Locutus 安全漏洞
Vulnerability Description
Locutus是Locutus开源的一个JavaScript代码库。 Locutus 2.0.12版本至2.0.39之前版本存在安全漏洞,该漏洞源于用户输入检查不足,可能导致原型污染。
CVSS Information
N/A
Vulnerability Type
N/A