Uglifyjs Project » Uglifyjs : Security Vulnerabilities, CVEs,

CVE-2022-37598

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.
Max CVSS
9.8
EPSS Score
0.30%
Published
2022-10-20
Updated
2024-04-11

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Max CVSS
7.8
EPSS Score
0.26%
Published
2017-01-23
Updated
2017-03-02

CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.
Max CVSS
9.8
EPSS Score
0.79%
Published
2017-01-23
Updated
2021-10-28
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close