CVE-2021-23771

Name of the Vulnerable Software and Affected Versions notevil versions all argencoders-notevil versions all

Description The issue is related to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. This vulnerability derives from an incomplete fix. The package notevil and its variant argencoders-notevil have been affected, with the latter being deprecated.

Recommendations For notevil all versions, consider restricting access to the main context to prevent prototype pollution. For argencoders-notevil all versions, as the package is deprecated, it is recommended to avoid using it and consider alternative solutions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.