Versions of syntax-error prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified.

Recommendation

Update to version 1.1.1 or later.

References

• https://nvd.nist.gov/vuln/detail/CVE-2014-7192
• GHSA-5726-g6r9-5f22
• https://www.npmjs.com/advisories/37
• browserify/syntax-error@9aa4e66
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96728
• http://www-01.ibm.com/support/docview.wss?uid=swg21690815
• https://github.com/substack/node-browserify/blob/master/changelog.markdown#421