CVE-2021-23390
npm/total4
Code Injection
The package total4 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
All versions before 0.0.43
Upgrade to version 0.0.43 or above.
2021-07-15