CVE-2021-23771

Summary

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878.

Affected Software

VendorProductVersion RangeStatus
n/anotevil0 < unspecifiedaffected
n/aargencoders-notevil0 < unspecifiedaffected

Weaknesses

  • Sandbox Bypass

ADP Enrichment

CVE Program Container

Additional References

References