Lucene search

Code Injection in total.js

🗓️ 10 Dec 2021 17:06:26Reported by GitHub Advisory DatabaseType

Code Injection in total.js before 3.4.9 via U.set() and U.get() function

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Prion	Code injection	12 Jul 202116:15	–	prion
OSV	CVE-2021-23389	12 Jul 202116:15	–	osv
OSV	Code Injection in total.js	10 Dec 202117:26	–	osv
Cvelist	CVE-2021-23389 Arbitrary Code Execution	12 Jul 202115:15	–	cvelist
NVD	CVE-2021-23389	12 Jul 202116:15	–	nvd
CVE	CVE-2021-23389	12 Jul 202116:15	–	cve
OpenVAS	Total.js < 3.4.9 Multiple Vulnerabilities	14 Jul 202100:00	–	openvas

Vulners

Node

totaljs total.jsRange<3.4.9

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-23389
github	www.github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3
github	www.github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631
snyk	www.snyk.io/vuln/SNYK-JS-TOTALJS-1088607
github	www.github.com/advisories/GHSA-7fm6-gxqg-2pwr

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Dec 2021 17:26Current

5.7Medium risk

Vulners AI Score5.7

CVSS27.5

CVSS39.8

EPSS0.0534

CWE-94