Improper minification of non-boolean comparisons Affecting uglifier Open this link in a new tab package, versions < 2.7.2

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-RUBY-UGLIFIER-20236
published

20 Jul 2015
disclosed

20 Jul 2015
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 20 Jul 2015

CWE-95 Open this link in a new tab

How to fix?

Upgrade uglifier to version 2.7.2 or higher.

Overview

uglifier is a gem that minifies and compresses JavaScript files.

Affected versions of this package are vulnerable to Improper minification of non-boolean comparisons. It slightly alters the functionality of a JavaScript file after the minification process. This bug was demonstrated to allow potentially malicious code to be hidden within secure code, and activated by the minification process. "Backdooring your JavaScript using minifier bugs" explains how this works.

Improper minification of non-boolean comparisons Affecting uglifier Open this link in a new tab package, versions < 2.7.2

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 20 Jul 2015

How to fix?

Overview

References