notevil@0.4.0 vulnerabilities
Evalulate javascript like the built-in eval() method but safely
-
latest version
1.3.3
-
first published
11 years ago
-
latest version published
5 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the notevil package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
notevil is a module uses esprima to parse the javascript AST then walks each node and evaluates the result **Note:**This package has been deprecated. Affected versions of this package are vulnerable to Sandbox Bypass. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878. How to fix Sandbox Bypass? There is no fixed version for |
*
|
notevil is a module uses esprima to parse the javascript AST then walks each node and evaluates the result **Note:**This package has been deprecated. Affected versions of this package are vulnerable to Prototype Pollution. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Evaluating the payload How to fix Prototype Pollution? Upgrade |
<1.3.3
|
notevil is a module uses esprima to parse the javascript AST then walks each node and evaluates the result **Note:**This package has been deprecated. Affected versions of this package are vulnerable to Remote Code Execution (RCE). The package fails to prevent access to the How to fix Remote Code Execution (RCE)? Upgrade |
<1.3.2
|