CVE-2021-23389
npm/total.js
Code Injection
The package total.js are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
All versions before 3.4.9
Upgrade to version 3.4.9 or above.
2021-07-15