CVE-2021-23389

Code Injection in npm/total.js

Identifier

CVE-2021-23389

Package Slug

npm/total.js

Vulnerability

Code Injection

Description

The package total.js are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

Affected Versions

All versions before 3.4.9

Solution

Upgrade to version 3.4.9 or above.

Last Modified

2021-07-15

source