Date: Mon, 24 Aug 2015 11:26:15 -0700
From: Reed Loden <>
	Assign a CVE Identifier <>
Subject: CVE request: uglify-js node.js module <2.4.24 incorrectly handles
 non-boolean comparisons during minification

As seen on Hacker News --

Blog post has all the details, but basically the UglifyJS node module has a
problem where the combination of De Morgan’s Law and non-boolean values can
lead to a case where code is incorrectly minified, which can lead to
possibly malicious minified JS code.

UglifyJS is a "JavaScript parser / mangler / compressor / beautifier
toolkit" for Node.js.

Node.js module: uglify-js (
Affects: 2.4.23 and earlier
Fixed in: 2.4.24
Reported via
Fixed by

Can a CVE be assigned?
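
The class of problem described above, as an added illustration that is not part of the original message and is not code from uglify-js or the referenced blog post: a De Morgan rewrite of an `&&` chain keeps truthiness but collapses the value to a boolean, which matters once the result is compared as a number. The function names and sample inputs are constructed for this example; the differential check is one way a build pipeline could compare original and minified behaviour.

```javascript
'use strict';

// Source form: an && chain returns the value of its last operand when
// every operand is truthy, so this can return a number.
function original(enabled, revoked, remaining) {
  return enabled && !revoked && remaining;
}

// De Morgan rewrite of the same chain: !(!a || b || !c).
// Equivalent in a boolean context, but the result is always true/false.
function rewritten(enabled, revoked, remaining) {
  return !(!enabled || revoked || !remaining);
}

// Differential check: evaluate both forms on each input and record every
// case where the consumer of the value (observe) sees a different result.
function divergences(f, g, inputs, observe) {
  const found = [];
  for (const args of inputs) {
    const a = observe(f(...args));
    const b = observe(g(...args));
    if (a !== b) found.push({ args, original: a, rewritten: b });
  }
  return found;
}

// Constructed sample inputs: [enabled, revoked, remaining].
const SAMPLE_INPUTS = [
  [true, false, 30],
  [true, false, -5],
  [true, false, 0],
  [true, true, 30],
  [false, false, 30],
];

const asCondition = (v) => Boolean(v); // value used as `if (v)`
const asComparison = (v) => v > 0;     // value used as `v > 0`

function report() {
  return {
    booleanContext: divergences(original, rewritten, SAMPLE_INPUTS, asCondition),
    numericContext: divergences(original, rewritten, SAMPLE_INPUTS, asComparison),
  };
}

console.log(JSON.stringify(report(), null, 2));
```

The two forms agree on every sample when used as a condition; they disagree only when the value is compared numerically, because `true > 0` holds where `-5 > 0` does not.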
