Description
This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).
Remediation
References
https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587
https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946
Related Vulnerabilities
CVE-2020-13955 Vulnerability in maven package org.apache.calcite:calcite-core
CVE-2020-7226 Vulnerability in maven package org.cryptacular:cryptacular
CVE-2018-14042 Vulnerability in npm package bootstrap-sass
CVE-2019-16869 Vulnerability in maven package io.netty:netty-all
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.13