Severity: low

Incorrect Handling of Non-Boolean Comparisons During Minification

uglify-js

Overview

Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification.

Remediation

Upgrade uglify-js to version 2.4.24 or later.
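uglify-js is often installed as a transitive dependency of build tooling, so checking only the top-level dependency list can miss an affected copy. The following is an added example, not part of the original advisory: it scans an already-parsed `package-lock.json` object for every uglify-js entry older than 2.4.24. The function names and the sample lockfiles, including the `build-tool` and `legacy-tool` package names, are constructed for illustration.

```javascript
// Added example: flag uglify-js copies older than the fixed release 2.4.24.
const PKG = "uglify-js";
const FIXED = [2, 4, 24];

// true = prior to 2.4.24, false = fixed, null = not a plain x.y.z version.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(version));
  if (!m) return null;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease such as 2.4.24-rc.1 sorts before 2.4.24
}

// Walk a parsed lockfile: flat "packages" map (lockfileVersion 2/3)
// or nested "dependencies" tree (lockfileVersion 1).
function findUglify(lock) {
  const hits = [];
  const record = (path, version) => hits.push({ path, version, affected: isAffected(version) });
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) record(path, meta.version);
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = trail.concat(name);
        if (name === PKG) record(path.join(" > "), meta.version);
        walk(meta.dependencies, path); // nested copies pinned by other packages
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles; package names other than uglify-js are hypothetical.
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "build-tool": { version: "1.0.0", dependencies: { "uglify-js": { version: "2.4.23" } } },
  "uglify-js": { version: "2.4.24" } } };
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/uglify-js": { version: "2.6.0" },
  "node_modules/legacy-tool/node_modules/uglify-js": { version: "2.3.6" } } };

for (const h of [...findUglify(sampleV1), ...findUglify(sampleV3)]) {
  console.log(h.affected === null ? "UNKNOWN" : h.affected ? "AFFECTED" : "ok", h.version, h.path);
}
```

To use it on a real project, pass the result of `JSON.parse` on the project's `package-lock.json` to `findUglify`.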

Advisory timeline

  1. published: Advisory published, Aug 24th, 2015
  2. reported: Initial report by Tom MacWright, Oct 17th, 2015