Improper minification of non-boolean comparisons affecting uglifier package, versions < 2.7.2
Attack Complexity: Low
snyk-id: SNYK-RUBY-UGLIFIER-20236
published: 20 Jul 2015
disclosed: 20 Jul 2015
credit: Unknown
Introduced: 20 Jul 2015
CWE-95
How to fix?
Upgrade uglifier to version 2.7.2 or higher.
Overview
uglifier is a gem that minifies and compresses JavaScript files.
Affected versions of this package are vulnerable to Improper minification of non-boolean comparisons. The minification process slightly alters the functionality of a JavaScript file, so the minified output can behave differently from the source. This bug was demonstrated to allow potentially malicious code to be hidden within secure code and activated by the minification process. "Backdooring your JavaScript using minifier bugs" explains how this works.
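To check a project against the fixed version given above, the following added example (not part of the original advisory or of the uglifier project) reads the resolved uglifier version out of Gemfile.lock text and compares it with 2.7.2. The lockfile contents, constants and function names are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# First fixed release according to this advisory.
FIXED_VERSION = Gem::Version.new("2.7.2")

# Resolved specs in Gemfile.lock are indented by exactly four spaces:
# "    uglifier (2.7.1)". Deeper-indented lines are dependency constraints
# declared by other gems and are ignored.
def locked_uglifier_versions(lockfile_text)
  lockfile_text.scan(/^ {4}uglifier \(([^)\s]+)\)[ \t]*$/).flatten
end

# Returns :not_present, :unparseable, :vulnerable or :fixed.
# A prerelease such as 2.7.2.pre sorts below 2.7.2 and is reported vulnerable.
def uglifier_status(lockfile_text)
  versions = locked_uglifier_versions(lockfile_text)
  return :not_present if versions.empty?
  return :unparseable unless versions.all? { |v| Gem::Version.correct?(v) }

  versions.any? { |v| Gem::Version.new(v) < FIXED_VERSION } ? :vulnerable : :fixed
end

# Constructed sample lockfiles (hypothetical projects, not real data).
VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      execjs (2.5.2)
      json (1.8.3)
      uglifier (2.7.1)
        execjs (>= 0.3.0)
        json (>= 1.8.0)

  DEPENDENCIES
    uglifier
LOCK

FIXED_LOCK = VULNERABLE_LOCK.sub("uglifier (2.7.1)", "uglifier (2.7.2)")
NO_UGLIFIER_LOCK = "GEM\n  specs:\n    example_gem (1.0.0)\n      uglifier (>= 1.3.0)\n"

if __FILE__ == $PROGRAM_NAME
  # Pass a lockfile path as the first argument, or fall back to the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : VULNERABLE_LOCK
  puts "uglifier: #{uglifier_status(text)}"
end
```

Assets minified with an affected version stay affected after the gem is upgraded, so rebuild them once the check reports `fixed`.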