WS-2015-0024 (High) detected in uglify-js-1.2.6.tgz #18

mend-for-github-com · 2020-02-04T14:56:36Z

WS-2015-0024 - High Severity Vulnerability

Vulnerable Library - uglify-js-1.2.6.tgz

JavaScript parser and compressor/beautifier toolkit

Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-1.2.6.tgz

Path to dependency file: /tmp/ws-scm/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/package.json

Path to vulnerable library: /ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/node_modules/uglify-js/package.json

Dependency Hierarchy:

❌ uglify-js-1.2.6.tgz (Vulnerable Library)

Found in HEAD commit: 5a3799544bbdfbed38c2c8191a9866ba18bc9768

Vulnerability Details

UglifyJS versions 2.4.23 and earlier are affected by a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification.

Publish Date: 2015-08-24

URL: WS-2015-0024

CVSS 2 Score Details (8.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: mishoo/UglifyJS@905b601

Release Date: 2017-01-31

Fix Resolution: v2.4.24

Check this box to open an automated fix PR

The text was updated successfully, but these errors were encountered:

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 4, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2015-0024 (High) detected in uglify-js-1.2.6.tgz #18

WS-2015-0024 (High) detected in uglify-js-1.2.6.tgz #18

mend-for-github-com bot commented Feb 4, 2020

WS-2015-0024 (High) detected in uglify-js-1.2.6.tgz #18

WS-2015-0024 (High) detected in uglify-js-1.2.6.tgz #18

Comments

mend-for-github-com bot commented Feb 4, 2020

WS-2015-0024 - High Severity Vulnerability