Vulnerabilities for 'Uglifyjs'

2017-01-23
 
CVE-2015-8858

 

 
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."

 
 
CVE-2015-8857

 

 
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten JavaScript.

 


Copyright 2024, cxsecurity.com

 
