Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Uglifyjs Project Security Vulnerabilities

cve
cve

CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.

9.8CVSS

10AI Score

0.008EPSS

2017-01-23 09:59 PM
50
cve
cve

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."

7.5CVSS

7.2AI Score

0.003EPSS

2017-01-23 09:59 PM
33
cve
cve

CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.

9.8CVSS

9.3AI Score

0.006EPSS

2022-10-20 11:15 AM
57
5