Skip to content
This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

update uglifier gem for fixing a security issue (OSVDB-126747) #292

Merged
merged 1 commit into from
Aug 27, 2015
Merged

update uglifier gem for fixing a security issue (OSVDB-126747) #292

merged 1 commit into from
Aug 27, 2015

Conversation

jordimassaguerpla
Copy link
Member

It was discovered that the upstream library for uglifier Gem for Ruby,
UglifyJS, versions 2.4.23 and earlier, was affected by a vulnerability
which allows a specially crafted JavaScript file to have altered
functionality after minification. This bug was demonstrated to allow
potentially malicious code to be hidden within secure code, activated
by minification.

References:

mishoo/UglifyJS#751
https://zyan.scripts.mit.edu/blog/backdooring-js/

It was discovered that the upstream library for uglifier Gem for Ruby,
UglifyJS, versions 2.4.23 and earlier, was affected by a vulnerability
which allows a specially crafted JavaScript file to have altered
functionality after minification. This bug was demonstrated to allow
potentially malicious code to be hidden within secure code, activated
by minification.

References:

mishoo/UglifyJS#751
https://zyan.scripts.mit.edu/blog/backdooring-js/
mssola added a commit that referenced this pull request Aug 27, 2015
update uglifier gem for fixing a security issue (OSVDB-126747)
@mssola mssola merged commit 4a0f402 into SUSE:master Aug 27, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants