5 matches found
CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...
CVE-2026-25521
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...
@haxtheweb/create (>=0.1.3 <=26.0.0), @haxtheweb/haxcms-nodejs (>=0.0.2 <=25.0.0) +3 more potentially affected by CVE-2026-25521 via locutus (>=2.0.14 <=2.0.32)
locutus NPM version =2.0.14, =0.1.3, =0.0.2, =11.0.2, =2.1.1, =1.0.66, =1.0.72 Source cves: CVE-2026-25521 Source advisory: OSV:GHSA-RXRV-835Q-V5MH...
@haxtheweb/create (>=0.1.3 <=26.0.0), @haxtheweb/haxcms-nodejs (>=0.0.2 <=25.0.0) +3 more potentially affected by CVE-2026-25521 via locutus (>=2.0.14 <=2.0.32)
locutus NPM version =2.0.14, =0.1.3, =0.0.2, =11.0.2, =2.1.1, =1.0.66, =1.0.72 Source cves: CVE-2026-25521 Source advisory: SNYK:JS-LOCUTUS-15182766...