Lucene search
K

24 matches found

Mageia
Mageia
added 2015/11/19 10:8 p.m.40 views

Updated uglify-js packages fix security vulnerability

The UglifyJS node module has a problem where the combination of De Morgan's Law and non-boolean values can lead to a case where code is incorrectly minified, which can lead to possibly malicious minified JS code...

2.2AI score
Exploits0References2
OSV
OSV
added 2015/11/19 10:8 p.m.2 views

MGASA-2015-0454 Updated uglify-js packages fix security vulnerability

The UglifyJS node module has a problem where the combination of De Morgan's Law and non-boolean values can lead to a case where code is incorrectly minified, which can lead to possibly malicious minified JS code...

7.3AI score
Exploits0References3
Node.js
Node.js
added 2015/10/17 7:41 p.m.137 views

Incorrect Handling of Non-Boolean Comparisons During Minification

Overview Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification. Recommendation Upgrade UglifyJS to version = 2.4.24. References - Backdooring JS - Yan Zhu@bcrypt - Issue 751 - GitHub Advisory...

7.5CVSS2.5AI score0.03559EPSS
Exploits1Affected Software1
RubySec
RubySec
added 2015/07/21 12:0 a.m.18 views

uglifier incorrectly handles non-boolean comparisons during minification

The upstream library for the Ruby uglifier gem, UglifyJS, is affected by a vulnerability that allows a specially crafted Javascript file to have altered functionality after minification. This bug, found in UglifyJS versions 2.4.23 and earlier, was demonstrated to allow potentially malicious code ...

9.8CVSS6.9AI score0.03559EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder