Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js

🗓️ 24 Oct 2017 18:33:36Reported by GitHub Advisory DatabaseType

Incorrect handling in uglify-js may alter JavaScript functionality after minificatio

Reporter	Title	Published	Views	Family All 21
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM Data Science Experience Local - Incorrect Handling of Non-Boolean Comparison During Minification	16 Jun 201814:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance	30 Jun 202305:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform	17 Feb 202315:44	–	ibm
CNVD	Joyent Node.js UglifyJS Security Bypass Vulnerability	24 Apr 201600:00	–	cnvd
CVE	CVE-2015-8857	23 Jan 201721:00	–	cve
Cvelist	CVE-2015-8857	23 Jan 201721:00	–	cvelist
Debian CVE	CVE-2015-8857	23 Jan 201721:00	–	debiancve
EUVD	EUVD-2017-0154	7 Oct 202500:30	–	euvd
Github Security Blog	High severity vulnerability that affects uglify-js	9 Oct 201800:39	–	github
Node.js	Incorrect Handling of Non-Boolean Comparisons During Minification	17 Oct 201519:41	–	nodejs

Vulners

Node

uglifierRange<2.7.2rubygems

uglify-jsRange<2.4.24npm

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-8857
github	www.github.com/mishoo/UglifyJS2/issues/751
zyan	www.zyan.scripts.mit.edu/blog/backdooring-js/
openwall	www.openwall.com/lists/oss-security/2016/04/20/11
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/uglifier/CVE-2015-8857.yml
web	www.web.archive.org/web/20200227190830/http://www.securityfocus.com/bid/96410
github	www.github.com/lautis/uglifier/commit/4677bfe38142937ff952f95605bcec4618892c3e
github	www.github.com/advisories/GHSA-34r7-q49f-h37c

12 Apr 2023 17:38Current

8.8High risk

Vulners AI Score8.8

CVSS 27.5

CVSS 3.19.8

EPSS0.0027