CNNVD-202602-551 Information

CNNVD ID

CNNVD-202602-551

Related CVE

CVE-2026-25521

• CNNVD Published: 2026-02-04

Description (Chinese)

Locutus是Locutus开源的一个JavaScript代码库。 Locutus 2.0.12版本至2.0.39之前版本存在安全漏洞，该漏洞源于用户输入检查不足，可能导致原型污染。

Description (English)

Locutus is a JavaScript code library of Locutus open source. There was a safety loophole in prior versions of Locutus 2.0.12 to 2.0.39, which stemmed from insufficient user input checks and could lead to prototype contamination.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Locutus

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/locutusjs/locutus/commit/042af9ca7fde2ff599120783e720a17f335bb01c https://github.com/locutusjs/locutus/security/advisories/GHSA-rxrv-835q-v5mh https://access.redhat.com/security/cve/cve-2026-25521

Patch

https://github.com/locutusjs/locutus/releases