CVE-2021-32831

Name of the Vulnerable Software and Affected Versions Total.js framework versions prior to 3.4.9

Description The issue arises when the utils.set function is called with user-controlled values, leading to code-injection. This can result in arbitrary code execution. The Total.js framework is a Node.js platform written in pure JavaScript, similar to PHP's Laravel or Python's Django.

Recommendations For versions prior to 3.4.9, update to version 3.4.9 to resolve the issue. As a temporary workaround, consider restricting the use of the utils.set function with user-controlled values until the update is applied.