Lucene search

CVE-2020-28494

🗓️ 02 Feb 2021 11:13:15Reported by [email protected]Type

The package total.js before 3.4.7 is affected by CVE-2020-28494, allowing command execution via image function

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2020-28494 Command Injection	2 Feb 202110:25	–	cvelist
Prion	Design/Logic Flaw	2 Feb 202111:15	–	prion
CVE	CVE-2020-28494	2 Feb 202111:15	–	cve
Veracode	OS Command Injection	3 Feb 202105:11	–	veracode
OSV	GHSA-4449-HG37-77V8 Command injection in total.js	5 Feb 202120:43	–	osv
OSV	CVE-2020-28494	2 Feb 202111:15	–	osv
Github Security Blog	Command injection in total.js	5 Feb 202120:43	–	github
Node.js	Command Injection	23 Feb 202102:24	–	nodejs
OpenVAS	Total.js < 3.4.7 Multiple Vulnerabilities	8 Feb 202100:00	–	openvas

Nvd

Node

totaljs total.jsRange<3.4.7node.js

Source	Link
snyk	www.snyk.io/vuln/SNYK-JS-TOTALJS-1046672
github	www.github.com/totaljs/framework/commit/6192491ab2631e7c1d317c221f18ea613e2c18a5

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Feb 2021 11:15Current

CVSS27.5

CVSS38.6

EPSS0.01199

CWE-78