The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
9.8CVSS
9.6AI Score
0.014EPSS
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
9.8CVSS
9.5AI Score
0.006EPSS