Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Code injection in total.js
Vulnerability Description
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
total.js 代码注入漏洞
Vulnerability Description
total.js是开源的一个采用JavaScript开发用于Node.js平台的框架。它能够用于开发web、桌面、服务和IoT平台。 Total.js 存在代码注入漏洞,该漏洞源于在 3.4.9 版本之前的 total.js 框架中,使用用户控制的值调用 utils.set 函数会导致代码注入。攻击者可利用该漏洞生成非法的代码段,修改网络系统或组件的预期的执行控制流。
CVSS Information
N/A
Vulnerability Type
N/A