EPSS
Percentile
79.0%
total.js is vulnerable to remote code execution. Lack of sanitization of user-provided values allows an attacker to inject and execute malicious code via the function utils.set.
utils.set
github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txt#L11
github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3
securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs