Totaljs: >> Total.js >> 3.4.8 Security Vulnerabilities
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
CVSS Score
8.8
EPSS Score
0.017
Published
2022-10-30
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-08-30
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS Score
9.8
EPSS Score
0.053
Published
2021-07-12