{"id":"CVE-2020-7719","details":"Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.","aliases":["GHSA-f98m-q3hr-p5wq"],"modified":"2026-03-13T22:15:47.167797Z","published":"2020-09-01T10:15:10.560Z","related":["SNYK-JS-LOCUTUS-598675"],"references":[{"type":"EVIDENCE","url":"https://github.com/kvz/locutus/pull/418/"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/locutusjs/locutus","events":[{"introduced":"0"},{"fixed":"5173554c4be3133f67c9cb20469d5ffbd94b2462"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.12"}]}}],"versions":["v1.3.2","v2.0.0","v2.0.1","v2.0.10","v2.0.11","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7719.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}