Advisories for Npm/Argencoders-Notevil package

2022

Sandbox escape in notevil and argencoders-notevil

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878.