Severity: Critical
CVSS Score: 9.8
Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.