Open
Description
WS-2015-0024 - High Severity Vulnerability
Vulnerable Library - uglify-js-2.2.5.tgz
JavaScript parser, mangler/compressor and beautifier toolkit
path: /tmp/git/keno-server/node_modules/transformers/node_modules/uglify-js/package.json
Library home page: http://registry.npmjs.org/uglify-js/-/uglify-js-2.2.5.tgz
Dependency Hierarchy:
- jade-1.11.0.tgz (Root Library)
- transformers-2.1.0.tgz
- ❌ uglify-js-2.2.5.tgz (Vulnerable Library)
- transformers-2.1.0.tgz
Vulnerability Details
UglifyJS versions 2.4.23 and earlier are affected by a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification.
Publish Date: 2015-08-24
URL: WS-2015-0024
CVSS 2 Score Details (8.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: mishoo/UglifyJS@905b601
Release Date: 2017-01-31
Fix Resolution: v2.4.24
Step up your Open Source Security Game with WhiteSource here