Описание
Sandbox escape in notevil and argencoders-notevil
This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878. This package has been deprecated.
Пакеты
notevil
<= 1.3.3
Отсутствует
argencoders-notevil
<= 2.5.0
Отсутствует
Связанные уязвимости
This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).