PT-2017-4099 · Microsoft · Uglify-Js
Published: 2017-01-23 · Updated: 2021-10-28 · CVE-2015-8857
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
uglify-js versions prior to 2.4.24
Description
The issue is related to errors in input syntax checking in the uglify-js library, which may allow a remote attacker to execute arbitrary code using specially crafted JavaScript. The vulnerability is caused by the library not properly accounting for non-boolean values when rewriting boolean expressions, potentially allowing attackers to bypass security mechanisms. This may have an unspecified impact by leveraging improperly rewritten JavaScript. Crafted JavaScript may have altered functionality after minification.
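The failure mode described above, as an added example (not code from uglify-js or from this advisory): a rewrite that is valid in Boolean algebra, `!(!a || !b)` to `a && b`, is compared against the original over constructed operands. The two expressions, the sample values and all function names are assumptions chosen for illustration; the page does not give the exact rewrite uglify-js performed.

```javascript
// Added example: constructed expressions, not actual uglify-js input or output.
// A rewrite that is valid in Boolean algebra:  !(!a || !b)  ->  a && b
const original = (a, b) => !(!a || !b); // always evaluates to true or false
const rewritten = (a, b) => a && b;     // evaluates to one of its operands

// Constructed operand set mixing booleans with non-boolean values.
const SAMPLES = [true, false, 0, 1, "", "admin", null, undefined, NaN];

// Evaluate both forms on every operand pair and collect the pairs whose
// results differ. Object.is compares without type coercion, so `true`
// and a truthy string count as different results.
function findDivergences(f, g, samples) {
  const diverging = [];
  for (const a of samples) {
    for (const b of samples) {
      const before = f(a, b);
      const after = g(a, b);
      if (!Object.is(before, after)) diverging.push({ a, b, before, after });
    }
  }
  return diverging;
}

// Hypothetical guard that compares the expression result strictly, so its
// outcome depends on the exact value and not only on truthiness.
function strictGate(expr, user, token) {
  return expr(user, token) === true;
}

const booleanOnly = findDivergences(original, rewritten, [true, false]);
const mixed = findDivergences(original, rewritten, SAMPLES);

console.log("boolean operands, diverging pairs:", booleanOnly.length);
console.log("mixed operands, diverging pairs:", mixed.length);
console.log("gate before rewrite:", strictGate(original, "admin", "tok"));
console.log("gate after rewrite: ", strictGate(rewritten, "admin", "tok"));
```

Running the same comparison between a source file and its minified build, on inputs that include non-boolean values, is one way to catch this class of altered behaviour in a build pipeline.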
Recommendations
Upgrade UglifyJS to version >= 2.4.24.
Exploit
Fix
Eval Injection
Related identifiers
Affected products
Uglify-Js