1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23390 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2021-23390
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. El paquete total4 versiones anteriores a 0.0.43, son vulnerables a una ejecución de código arbitrario por medio de las funciones U.set() y U.get() • https://github.com/totaljs/framework4/blob/master/utils.js%23L5430-L5455 https://github.com/totaljs/framework4/commit/8a72d8c20f38bbcac031a76a51238aa528f68821 https://snyk.io/vuln/SNYK-JS-TOTAL4-1130527 • CWE-94: Improper Control of Generation of Code ('Code Injection') •