CVE-2021-23771
MEDIUMnotevil and argencoders-notevil - Prototype Pollution via Sandbox Escape
Title source: llmDescription
This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587
Scores
CVSS v3
6.5
EPSS
0.0100
EPSS Percentile
58.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-1321
Status
published
Products (4)
argencoders-notevil_project/argencoders-notevil
< 2.5.0
notevil_project/notevil
< 1.3.3
npm/argencoders-notevil
0npm
npm/notevil
0npm
Published
Mar 17, 2022
Tracked Since
Feb 18, 2026