Vulnerability Information
Vulnerability Title
Sandbox Bypass
Vulnerability Description
This affects all versions of the package notevil and all versions of the package argencoders-notevil. They are vulnerable to a sandbox escape leading to prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
notevil Injection Vulnerability
Vulnerability Description
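notevil is an open-source npm package. notevil contains an injection vulnerability that stems from a failure to restrict access to the main context, which allows an attacker to add or modify an object's prototype. It is vulnerable to sandbox escape, which leads to prototype pollution.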
CVSS Information
N/A
Vulnerability Type
N/A