Total.js Security Vulnerabilities and Issues — Total.js CVE List | Vulners.com

Lucene search

K

TotaljsTotal.js

3 matches found

CVE•added 2021/02/02 11:15 a.m.•95 views

CVE-2020-28494

This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true an...

8.6CVSS8.6AI score0.01199EPSS

CVE•added 2024/10/25 5:15 p.m.•41 views

CVE-2024-48655

An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.

8.8CVSS7.9AI score0.04145EPSS

CVE•added 2022/10/30 12:15 a.m.•39 views

CVE-2022-44019

In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.

8.8CVSS8.8AI score0.02295EPSS