search

d4nyll / lethargy

Distinguish between scroll events initiated by the user, and those by inertial scrolling
http://d4nyll.github.io/lethargy/
MIT License
556 stars 47 forks source link

WS-2015-0024 High Severity Vulnerability detected by WhiteSource #29

Closed mend-bolt-for-github[bot] closed 5 years ago

mend-bolt-for-github[bot] commented 5 years ago

WS-2015-0024 - High Severity Vulnerability

Vulnerable Library - uglify-js-2.2.5.tgz

JavaScript parser, mangler/compressor and beautifier toolkit

path: /lethargy/node_modules/ruglify/node_modules/uglify-js/package.json

Library home page: http://registry.npmjs.org/uglify-js/-/uglify-js-2.2.5.tgz

Dependency Hierarchy: - :x: **uglify-js-2.2.5.tgz** (Vulnerable Library)

Vulnerability Details

UglifyJS versions 2.4.23 and earlier are affected by a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification.

Publish Date: 2015-08-24

URL: WS-2015-0024

CVSS 2 Score Details (8.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/39

Release Date: 2015-08-24

Fix Resolution: Upgrade UglifyJS to version >= 2.4.24.

Step up your Open Source Security Game with WhiteSource here