CVE-2021-23390

Code Injection in npm/total4

Identifier

CVE-2021-23390

Package Slug

npm/total4

Vulnerability

Code Injection

Description

The package total4 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

Affected Versions

All versions before 0.0.43

Solution

Upgrade to version 0.0.43 or above.

Last Modified

2021-07-15

source