Vulnerabilities > CVE-2021-23771

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
argencoders-notevil-project
notevil-project
NVD
Published: 2022-03-17
Updated: 2022-03-24

Summary

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).

Vulnerable Configurations

Part Description Count
Application
Argencoders-Notevil_Project
17
Application
Notevil_Project
19

References