Skip to content

Commit d930dc0

Browse files
jasnowpostmodern
jasnow
authored and
postmodern
committed
Added 1 more gem file - added CVE info, then renamed them
1 parent 9b4e854 commit d930dc0

1 file changed

Lines changed: 16 additions & 2 deletions

File tree

gems/uglifier/OSVDB-126747.yml renamed to gems/uglifier/CVE-2015-8857.yml

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
---
22
gem: uglifier
3+
cve: 2015-8857
34
osvdb: 126747
5+
ghsa: 34r7-q49f-h37c
46
url: https://github.com/mishoo/UglifyJS2/issues/751
57
title: uglifier incorrectly handles non-boolean comparisons during minification
68
date: 2015-07-21
@@ -14,6 +16,18 @@ description: |2
1416
to allow potentially malicious code to be hidden within secure code,
1517
and activated by the minification process.
1618
17-
For more information, consult: https://zyan.scripts.mit.edu/blog/backdooring-js/
19+
For more information, consult:
20+
* https://zyan.scripts.mit.edu/blog/backdooring-js
21+
22+
* CWE: 254 - 7PK - Security Features
23+
cvss_v2: 7.5
24+
cvss_v3: 9.8
1825
patched_versions:
19-
- '>= 2.7.2'
26+
- '>= 2.7.2'
27+
related:
28+
url:
29+
- https://nvd.nist.gov/vuln/detail/CVE-2015-8857
30+
- https://github.com/mishoo/UglifyJS/issues/751
31+
- https://blog.azuki.vip/backdooring-js
32+
- https://www.openwall.com/lists/oss-security/2016/04/20/11
33+
- https://github.com/advisories/GHSA-34r7-q49f-h37c

0 commit comments

Comments
 (0)