Prototype Pollution Vulnerability in total.js before 3.4.7

Prototype Pollution Vulnerability in total.js before 3.4.7

CVE-2020-28495 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.

Learn more about our Web Application Penetration Testing UK.