Improper minification of non-boolean comparisons affecting uglifier package, versions < 2.7.2


0.0
medium
  • Attack Complexity: Low

  • snyk-id: SNYK-RUBY-UGLIFIER-20236

  • published: 20 Jul 2015

  • disclosed: 20 Jul 2015

  • credit: Unknown

How to fix?

Upgrade uglifier to version 2.7.2 or higher.

Overview

uglifier is a gem that minifies and compresses JavaScript files.

Affected versions of this package are vulnerable to Improper minification of non-boolean comparisons. The minification process can slightly alter the functionality of a JavaScript file, so the minified output does not always behave the same way as the source. This bug was demonstrated to allow potentially malicious code to be hidden within secure code and activated by the minification process. The article "Backdooring your JavaScript using minifier bugs" explains how this works.
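The following differential check is an added example, not code from uglifier or from the article above. It shows how a build pipeline can detect a minified function whose decisions differ from its source. The function names, the token fields and the rewritten form are assumptions: the rewrite is hand-written to illustrate a boolean-only transformation applied to an expression whose value is later compared as a number, and is not output captured from uglifier.

```javascript
// Source form: `&&` returns its last operand, so the result is a number
// (time left) when no flag is set.
function timeLeftSource(token, now) {
  return !token.revoked && !token.disabled && (token.expiry - now);
}

// Assumed rewrite (hand-written): the negations are pulled out with
// De Morgan's law. That is valid when only truthiness matters, but here
// it replaces the numeric result with a boolean.
function timeLeftRewritten(token, now) {
  return !(token.revoked || token.disabled || !(token.expiry - now));
}

// The caller makes a non-boolean comparison on the result.
function isValid(timeLeft) {
  return timeLeft > 0;
}

// Run the source and minified builds over the same inputs and collect
// every case where the observable decision differs.
function findDivergences(srcFn, minFn, cases) {
  const out = [];
  for (const c of cases) {
    const source = isValid(srcFn(c.token, c.now));
    const minified = isValid(minFn(c.token, c.now));
    if (source !== minified) out.push({ name: c.name, source, minified });
  }
  return out;
}

// Constructed sample inputs covering each branch of the expression.
const CASES = [
  { name: 'fresh',       token: { revoked: false, disabled: false, expiry: 2000 }, now: 1000 },
  { name: 'expired',     token: { revoked: false, disabled: false, expiry: 500 },  now: 1000 },
  { name: 'revoked',     token: { revoked: true,  disabled: false, expiry: 2000 }, now: 1000 },
  { name: 'expires-now', token: { revoked: false, disabled: false, expiry: 1000 }, now: 1000 },
];

// A non-empty result means the minified build must not ship.
console.log(findDivergences(timeLeftSource, timeLeftRewritten, CASES));
```

In a real pipeline, `minFn` would be loaded from the minified artifact rather than written by hand, and the check would run both before and after upgrading the minifier.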