Critical severity 9.8 · NVD Advisory · Published Jan 23, 2017 · Updated Jun 17, 2026
CVE-2015-8857
Description
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten JavaScript.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| uglify-js (npm) | < 2.4.24 | 2.4.24 |
| uglifier (RubyGems) | < 2.7.2 | 2.7.2 |
Affected products
- ghsa-coords: 2 versions (< 2.7.2 + 1 more)
- (no CPE) range: < 2.7.2
- (no CPE) range: < 2.4.24
References
- nodesecurity.io/advisories/39 (nvd: Exploit, Patch, Vendor Advisory)
- www.openwall.com/lists/oss-security/2016/04/20/11 (nvd: Mailing List, Third Party Advisory, WEB)
- www.securityfocus.com/bid/96410 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-34r7-q49f-h37c (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-8857 (ghsa: ADVISORY)
- github.com/lautis/uglifier/commit/4677bfe38142937ff952f95605bcec4618892c3e (ghsa: WEB)
- github.com/mishoo/UglifyJS2/issues/751 (ghsa: WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/uglifier/CVE-2015-8857.yml (ghsa: WEB)
- web.archive.org/web/20200227190830/http://www.securityfocus.com/bid/96410 (ghsa: WEB)
- zyan.scripts.mit.edu/blog/backdooring-js (ghsa: WEB)