CVE-2020-28495

Summary

This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.

Affected Software

VendorProductVersion RangeStatus
n/atotal.jsunspecified < 3.4.7affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References