GitHub_MCVELIST:CVE-2021-32831CVE-2021-32831 Code injection in total.js
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.0%
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP’s Laravel or Python’s Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.
CNA Affected
[
{
"product": "framework",
"vendor": "totaljs",
"versions": [
{
"status": "affected",
"version": "< 3.4.9"
}
]
}
]Related
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.0%