Vulnerabilities > Totaljs > Total JS > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-30 | CVE-2022-44019 | OS Command Injection vulnerability in Totaljs Total.Js In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. | 8.8 |
2021-07-12 | CVE-2021-23389 | Code Injection vulnerability in Totaljs Total.Js The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 7.5 |
2021-03-04 | CVE-2021-23344 | Code Injection vulnerability in Totaljs Total.Js The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. | 7.5 |
2021-02-02 | CVE-2020-28495 | Unspecified vulnerability in Totaljs Total.Js This affects the package total.js before 3.4.7. | 7.5 |
2021-02-02 | CVE-2020-28494 | Command Injection vulnerability in Totaljs Total.Js This affects the package total.js before 3.4.7. | 7.5 |