Description
The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
Remediation
References
https://github.com/totaljs/framework/commit/c812bbcab8981797d3a1b9993fc42dad3d246f04
https://snyk.io/vuln/SNYK-JS-TOTALJS-1077069
Related Vulnerabilities
CVE-2021-34081 Vulnerability in npm package gitsome
CVE-2018-9206 Vulnerability in npm package blueimp-file-upload
CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2
CVE-2023-26136 Vulnerability in maven package org.webjars.bowergithub.salesforce:tough-cookie
CVE-2020-15138 Vulnerability in maven package org.webjars:prismjs