Totaljs: >> Total.js Security Vulnerabilities
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.
CVSS Score
7.3
EPSS Score
0.061
Published
2021-02-02
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVSS Score
7.5
EPSS Score
0.533
Published
2019-02-18
Page 2