Name of the Vulnerable Software and Affected Versions notevil versions prior to 1.3.2

Description The issue allows for Sandbox Escape leading to Remote Code Execution due to the package's failure to prevent access to the Function constructor. This is caused by not checking the return values of function calls, enabling attackers to access the Function prototype's constructor.

Recommendations Upgrade to version 1.3.2 or later.