VYPR
Moderate severity · NVD Advisory · Published Mar 17, 2022 · Updated Sep 17, 2024

Sandbox Bypass

CVE-2021-23771

Description

All versions of notevil and argencoders-notevil are vulnerable to sandbox escape leading to prototype pollution due to an incomplete fix.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

All versions of the npm packages notevil and argencoders-notevil are vulnerable to a sandbox escape that leads to prototype pollution [1]. The packages fail to properly restrict access to the main JavaScript context, allowing an attacker to add or modify properties on Object.prototype. This vulnerability stems from an incomplete fix for a previous issue (SNYK-JS-NOTEVIL-608878) [1][2].

Exploitation

An attacker can exploit this by providing crafted input to the sandboxed evaluation function. The sandbox does not adequately isolate the global context, enabling the attacker to access and manipulate the prototype chain. No authentication or special privileges are required; the attacker only needs to supply malicious code to the sandbox [2][3].

Impact

Successful exploitation results in prototype pollution, which can lead to denial of service (via JavaScript exceptions) or remote code execution by altering the behavior of the application. The attacker can inject properties that are inherited by all objects, potentially compromising the entire application [2][3].

Mitigation

No patched versions exist for either package. The notevil repository was archived on December 28, 2021, and is no longer maintained [4]. Users should avoid using these packages and migrate to a maintained alternative. As of the publication date, this vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
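The impact and mitigation described above, illustrated with an added example that is not code from notevil, argencoders-notevil or this advisory. It does not reproduce the sandbox escape; simulatePollution() is a constructed stand-in for the effect a successful escape has on the host context. The isAdmin flag, the session objects and all function names are assumptions for illustration, and freezing Object.prototype is a general defence-in-depth measure taken after untrusted evaluation has been removed, not a substitute for migrating off the packages.

```javascript
// Added example (not from notevil, argencoders-notevil or the advisory).
// Shows (1) why a polluted Object.prototype changes the behaviour of unrelated
// objects, (2) a detection check an application can run after evaluating
// untrusted input, and (3) freezing Object.prototype as defence in depth.
// simulatePollution() is a constructed stand-in for a sandbox escape; the
// escape itself is not reproduced here.

// References captured at startup, before any untrusted input is evaluated, so
// the checks below do not rely on prototype members that could be altered.
const hasOwn = Function.prototype.call.bind(Object.prototype.hasOwnProperty);
const BASELINE = new Set(Object.getOwnPropertyNames(Object.prototype));

// Detection: own properties that appeared on Object.prototype since startup.
function detectPrototypePollution() {
  return Object.getOwnPropertyNames(Object.prototype).filter((n) => !BASELINE.has(n));
}

// Constructed stand-in for the effect of an escape: tries to add a property to
// Object.prototype. Returns true if the write took effect, false if blocked.
function simulatePollution(name, value) {
  try {
    Object.prototype[name] = value;
  } catch (_) {
    // strict-mode code throws a TypeError once the prototype is frozen
  }
  return hasOwn(Object.prototype, name);
}

// Removes the properties flagged by detectPrototypePollution(); returns their names.
function cleanPrototypePollution() {
  const removed = detectPrototypePollution();
  for (const n of removed) delete Object.prototype[n];
  return removed;
}

// Impact: a naive authorisation check reads the flag through the prototype
// chain, so a session that never had isAdmin set inherits a polluted value.
function naiveIsAdmin(session) {
  return Boolean(session.isAdmin);
}

// Hardened check: only an own property counts.
function safeIsAdmin(session) {
  return hasOwn(session, 'isAdmin') && session.isAdmin === true;
}

// Objects holding attacker-influenced data get no prototype at all, so there
// is no chain for a polluted property to be inherited through.
function newSession() {
  return Object.create(null);
}

// Mitigation (defence in depth): freeze Object.prototype so later writes are
// rejected. Irreversible for the process; call once at startup. The same can be
// done for other intrinsics (Array.prototype, Function.prototype, ...).
function freezeObjectPrototype() {
  Object.freeze(Object.prototype);
  return Object.isFrozen(Object.prototype);
}

function demo() {
  const session = {};
  console.log('before:', naiveIsAdmin(session), detectPrototypePollution());
  simulatePollution('isAdmin', true);
  console.log('polluted: naive =', naiveIsAdmin(session), 'safe =', safeIsAdmin(session),
    'null-proto =', newSession().isAdmin, 'detected =', detectPrototypePollution());
  console.log('cleaned:', cleanPrototypePollution());
  freezeObjectPrototype();
  console.log('after freeze, pollution attempt succeeded:', simulatePollution('isAdmin', true));
}

if (typeof require !== 'undefined' && require.main === module) demo();
```

Running the file prints the sequence: the naive check flips to true for an empty object once the prototype is polluted, the own-property check and the null-prototype session are unaffected, the detector names the injected property, and after freezing the prototype the stand-in write no longer takes effect.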

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package               Ecosystem   Affected versions   Patched versions
notevil               npm         <= 1.3.3            none
argencoders-notevil   npm         <= 2.5.0            none

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.