Critical severity9.8NVD Advisory· Published Jul 12, 2021· Updated Jun 17, 2026
CVE-2021-23389
CVE-2021-23389
Description
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
total.jsnpm | < 3.4.9 | 3.4.9 |
Affected products
2- total.js/total.jsdescription
Patches
Vulnerability mechanics
References
5- github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3nvdPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-JS-TOTALJS-1088607nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-7fm6-gxqg-2pwrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23389ghsaADVISORY
- github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631nvdBroken LinkWEB
News mentions
0No linked articles in our index yet.