Inadequate Boolean Expression Rewriting in Uglify-JS Package for Node.js

Inadequate Boolean Expression Rewriting in Uglify-JS Package for Node.js

CVE-2015-8857 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.

Learn more about our Web Application Penetration Testing UK.