Overview
Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification.
Remediation
Upgrade UglifyJS to version >= 2.4.24.
Resources
[Backdooring JS - Yan Zhu(@bcrypt)](https://zyan.scripts.mit.edu[Backdooring JS - Yan Zhu(@bcrypt)]/blog/backdooring-js/) Issue #751
Have content suggestions? Send them to [email protected]
Advisory timeline
reported
published
Advisory published
