3 matches found
CVE-2020-28495 Prototype Pollution
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some case...
CVE-2020-28495
Total.js before 3.4.7 is affected by a prototype pollution vulnerability in the set function, which can set values by path and may alter Object.prototype, enabling DoS, remote code execution, or property injection depending on the application. The remediation is to upgrade Total.js to version 3.4...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2020-28495 via total.js (>=3.2.4 <=3.4.13)
total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2020-28495 Source advisory: SNYK:JS-TOTALJS-1046671...