CRITICAL 9.8
GHSA-7fm6-gxqg-2pwr
Code Injection in total.js
Details
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
Are you affected?
Enter the version of the package you're using.