Mishoo · Uglify-Js · CVE-2022-37598
**Name of the Vulnerable Software and Affected Versions**
mishoo UglifyJS version 3.13.2
**Description**
A prototype pollution vulnerability exists in the function `DEFNODE` in ast.js of mishoo UglifyJS, specifically via the `name` variable. The vendor considers this report invalid.
**Recommendations**
For mishoo UglifyJS version 3.13.2, consider restricting access to the `DEFNODE` function in ast.js to minimize the risk of exploitation. As a temporary workaround, consider disabling the `DEFNODE` function until a patch is available or further guidance is provided by the vendor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
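To find out whether a project resolves to the affected version at all, the lockfile can be checked directly. The following is an added example, not code from the advisory or from the UglifyJS project; it assumes the package is installed from npm under the name `uglify-js`, matches only the exact version 3.13.2 listed above, and runs against a constructed sample lockfile.

```javascript
// Added example: find every copy of uglify-js pinned to the version named in
// this advisory (3.13.2) inside a parsed npm lockfile object.
const AFFECTED = { name: "uglify-js", version: "3.13.2" }; // npm name is an assumption

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    // The package name is whatever follows the last "node_modules/" segment.
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry ("") or workspace folder
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (name === AFFECTED.name && meta.version === AFFECTED.version) hits.add(path);
  }
}

// lockfileVersion 1 (and the compatibility tree in v2): nested "dependencies".
function scanDependencies(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === AFFECTED.name && meta.version === AFFECTED.version) hits.add(path);
    scanDependencies(meta.dependencies, `${path}/`, hits); // transitive copies
  }
}

// Returns the sorted, de-duplicated install paths of affected copies.
function findAffected(lock) {
  const hits = new Set();
  scanPackages(lock.packages, hits);
  scanDependencies(lock.dependencies, "", hits);
  return [...hits].sort();
}

// Constructed sample lockfile (not from a real project): the top-level copy is
// a different version, but a transitive dependency pins 3.13.2.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/uglify-js": { version: "3.17.4" },
    "node_modules/handlebars": { version: "4.7.7" },
    "node_modules/handlebars/node_modules/uglify-js": { version: "3.13.2" },
  },
  dependencies: {
    "uglify-js": { version: "3.17.4" },
    handlebars: { version: "4.7.7", dependencies: { "uglify-js": { version: "3.13.2" } } },
  },
};

console.log(findAffected(sampleLock));
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`.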