
24 matches found

EUVD
added 2025/11/12 4:29 a.m. · 1 views

EUVD-2025-121054

Malicious code in uglify-js-hexo-zenobia-child-process npm...

6.6 AI score
Exploits 0
Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-37598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an...

9.8 CVSS · 7.3 AI score · 0.00839 EPSS
Exploits 1 · References 2
SUSE CVE
added 2023/02/15 5:10 a.m. · 1 views

SUSE CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS · 8.3 AI score · 0.00902 EPSS
Exploits 1 · References 3
RedhatCVE
added 2022/11/14 6:26 a.m. · 34 views

CVE-2022-37598

A prototype pollution vulnerability was found in UglifyJS, stemming from the DEFNODE function in ast.js via the name variable. Exploiting this flaw involves adding or altering properties of the Object.prototype through a `__proto__` or constructor payload, enabling an attacker to execute arbitrary co...

9.8 CVSS · 9.6 AI score · 0.00839 EPSS
Exploits 1 · References 5
OSV
added 2022/10/20 11:15 a.m. · 1 views

DEBIAN-CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 8.3 AI score · 0.00839 EPSS
Exploits 1 · References 1
OSV
added 2022/10/20 11:15 a.m. · 2 views

AZL-44541 CVE-2022-37598 affecting package js-jquery 3.5.0-4

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 5.8 AI score · 0.00839 EPSS
Exploits 1 · References 1
OSV
added 2022/10/20 11:15 a.m. · 3 views

CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 6.7 AI score
Exploits 0 · References 4
NVD
added 2022/10/20 11:15 a.m. · 17 views

CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 0.00839 EPSS
Exploits 1 · References 4
ATTACKERKB
added 2022/10/20 11:15 a.m. · 2 views

CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 7.3 AI score · 0.00839 EPSS
Exploits 1 · References 5
OSV
added 2022/10/20 11:15 a.m. · 0 views

UBUNTU-CVE-2022-37598

DISPUTED: Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 7.3 AI score · 0.00839 EPSS
Exploits 1 · References 5
Prion
added 2022/10/20 11:15 a.m. · 16 views

Code injection

DISPUTED: Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

7.5 CVSS · 9.4 AI score · 0.00839 EPSS
Exploits 1 · References 4 · Affected Software 1
UbuntuCve
added 2022/10/20 11:15 a.m. · 30 views

CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 7.2 AI score · 0.00839 EPSS
Exploits 1 · References 4
CNNVD
added 2022/10/20 12:0 a.m. · 2 views

UglifyJS Security Vulnerability

UglifyJS is a JavaScript parser, compressor, cruncher and beautifier toolkit from the individual developer mishoo. A security vulnerability exists in UglifyJS version 3.13.2, which stems from the susceptibility of the DEFNODE function in ast.js to prototype pollution...

9.8 CVSS · 8.2 AI score · 0.00839 EPSS
Exploits 1 · References 5
CVE
added 2022/10/20 12:0 a.m. · 88 views

CVE-2022-37598

CVE-2022-37598 describes a prototype pollution in Mishoo UglifyJS 3.13.2’s ast.js DEFNODE function, triggered via the name variable and payloads that modify Object.prototype. The connected sources show multiple advisories referencing the same vulnerability in the UglifyJS module, including notes ...

9.8 CVSS · 9.3 AI score · 0.00839 EPSS
Exploits 1 · References 4 · Affected Software 1
Debian CVE
added 2022/10/20 12:0 a.m. · 26 views

CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

9.8 CVSS · 8.7 AI score · 0.00839 EPSS
Exploits 1
Positive Technologies
added 2022/10/20 12:0 a.m. · 1 views

PT-2022-24020 · Mishoo +1 · Uglify-Js +1

Name of the Vulnerable Software and Affected Versions: mishoo UglifyJS version 3.13.2
Description: The issue is related to a prototype pollution vulnerability in the function DEFNODE in ast.js, specifically via the name variable. This vulnerability is present in mishoo UglifyJS. The vendor has...

9.8 CVSS · 8.6 AI score · 0.00839 EPSS
Exploits 1 · References 18
Github Security Blog
added 2017/10/24 6:33 p.m. · 48 views

Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js

Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification. Recommendation: Upgrade UglifyJS to version >= 2.4.24...

9.8 CVSS · 8.8 AI score · 0.0027 EPSS
Exploits 1 · References 8 · Affected Software 2
rapid7community
added 2017/05/24 2:29 p.m. · 19 views

What are Javascript Source Maps?

It's generally a good practice to minify and combine your assets (JavaScript & CSS) when deploying to production. This process reduces the size of your assets and dramatically improves your website's load time. Source maps create a map from these compressed asset files back to the source files. This...

6.8 AI score
Exploits 0
CNVD
added 2016/04/24 12:0 a.m. · 3 views

Joyent Node.js UglifyJS Security Bypass Vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js UglifyJS allows remote attackers to alter functionality using specially crafted JavaScript files, as the program fails to properly handle non-Boolean comparisons...

9.8 CVSS · 8 AI score · 0.0027 EPSS
Exploits 1 · References 1
CNVD
added 2016/04/24 12:0 a.m. · 3 views

Joyent Node.js UglifyJS Denial of Service Vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A denial of service vulnerability exists in Joyent Node.js UglifyJS due to the program failing to check the input of the .parse function, allowing remote attackers to submit special regular...

7.8 CVSS · 7.9 AI score · 0.00902 EPSS
Exploits 1 · References 1