This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| notevil(npm) | 0 | N/A | N/A |
| argencoders-notevil(npm) | 0 | N/A | N/A |
CVSS Metrics
