GHSA-g6f4-j6c2-w3p3

Опубликовано: 09 окт. 2018

Источник: github

Github: Прошло ревью

Описание

High severity vulnerability that affects uglify-js

Withdrawn, accidental duplicate publish.

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2015-8857
https://github.com/advisories/GHSA-g6f4-j6c2-w3p3

Пакеты

Наименование

uglify-js

npm

Затронутые версииВерсия исправления

< 2.4.24

2.4.24