Overview
Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification.
Remediation
Upgrade UglifyJS to version >= 2.4.24.
Resources
[Backdooring JS - Yan Zhu(@bcrypt)](https://zyan.scripts.mit.edu[Backdooring JS - Yan Zhu(@bcrypt)]/blog/backdooring-js/) Issue #751
Advisory timeline
published
Advisory publishedreported
