CVE-2021-23771

MEDIUM Year: 2021
CVSS v3 Score
6.5
Medium
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-1321
View all →

Vulnerability Description

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).

Related Vulnerabilities

CVE-2023-26920

MEDIUM
CVSS:6.5(Medium)

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.

CWE-13212023

CVE-2024-21509

MEDIUM
CVSS:6.5(Medium)

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js...

CWE-13212024

CVE-2024-23339

MEDIUM
CVSS:6.5(Medium)

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`,...

CWE-13212024

CVE-2024-38997

MEDIUM
CVSS:6.5(Medium)

adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Serv...

CWE-13212024

CVE-2024-39000

MEDIUM
CVSS:6.5(Medium)

adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS)...

CWE-13212024

CVE-2024-39853

MEDIUM
CVSS:6.5(Medium)

adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) ...

CWE-13212024