notevil@1.3.3 vulnerabilities
Evalulate javascript like the built-in eval() method but safely
-
latest version
1.3.3
-
first published
10 years ago
-
latest version published
4 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the notevil package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
notevil is a module uses esprima to parse the javascript AST then walks each node and evaluates the result **Note:**This package has been deprecated. Affected versions of this package are vulnerable to Sandbox Bypass. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878. How to fix Sandbox Bypass? There is no fixed version for |
*
|