WS-2015-0024 (High) detected in uglify-js-2.3.6.tgz #55
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2015-0024 - High Severity Vulnerability
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /tmp/WhiteSource-ArchiveExtractor_747f4581-142b-405b-87f3-701147633521/20190625174422_45091/git_depth_0/EPiBootstrapArea/src/EPiBootstrapArea.Forms/modules/_protected/Shell/Shell/11.1.0.0/ClientResources/lib/xstyle/package.json
Path to vulnerable library: /tmp/WhiteSource-ArchiveExtractor_747f4581-142b-405b-87f3-701147633521/20190625174422_45091/git_depth_0/EPiBootstrapArea/src/EPiBootstrapArea.Forms/modules/_protected/Shell/Shell/11.1.0.0/ClientResources/lib/xstyle/node_modules/uglify-js/package.json
Dependency Hierarchy:
Found in HEAD commit: 52d4afe13ec5c110f32d28c464a838e35746114d
UglifyJS versions 2.4.23 and earlier are affected by a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification.
Publish Date: 2015-08-24
URL: WS-2015-0024
Base Score Metrics not available
Type: Upgrade version
Origin: mishoo/UglifyJS@905b601
Release Date: 2017-01-31
Fix Resolution: v2.4.24
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: