Severity: low

Incorrect Handling of Non-Boolean Comparisons During Minification

uglify-js

Overview

Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification.

Remediation

Upgrade UglifyJS to version >= 2.4.24.

Resources

[Backdooring JS - Yan Zhu (@bcrypt)](https://zyan.scripts.mit.edu/blog/backdooring-js/)

Issue #751

Advisory timeline

  1. published: Advisory published, Aug 24th, 2015
  2. reported: Oct 17th, 2015