uglify-js
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting uglify-jspage 1 of 1
- CVE-2015-8857CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.4.242017-01-23
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by lev…
- CVE-2015-8858HIGHCVSS 7.5EG 7.5✓ Fixed in 2.6.02017-01-23
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Check whether uglify-js is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for uglify-js CVEs against the assets you own.
Start Free Scan →