Uncontrolled Resource Consumption
The package locutus are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.
Advisories for Npm/Locutus package
2021
2020
Improper Input Validation
The locutus package is vulnerable to Prototype Pollution via the php.strings.parse_str function.
Injection Vulnerability
php/exec/escapeshellarg in Locutus PHP allows an attacker to execute code.