High severityNVD Advisory· Published Aug 30, 2021· Updated Aug 3, 2024
Code injection in total.js
CVE-2021-32831
Description
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
total.jsnpm | < 3.4.9 | 3.4.9 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-vwhc-pww7-72x6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32831ghsaADVISORY
- securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljsghsaADVISORY
- github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txtghsax_refsource_MISCWEB
- github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3ghsax_refsource_MISCWEB
- securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/mitrex_refsource_CONFIRM
- www.npmjs.com/package/total.jsghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.