VDB
KO
CRITICAL 9.8

GHSA-7fm6-gxqg-2pwr

Code Injection in total.js

Details

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / total.js
Introduced in: 0 Fixed in: 3.4.9
Fix npm install total.js@3.4.9

References