0.013 Low
EPSS
Percentile
85.8%
total.js is vulnerable to path traversal attacks. The vulnerability exists in index.js where req.url is insufficiently sanitized, allowing path traversal attacks.
index.js
req.url
blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903
github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b