High severity7.5NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026
CVE-2015-8858
CVE-2015-8858
Description
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
uglify-jsnpm | < 2.6.0 | 2.6.0 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- nodesecurity.io/advisories/48nvdExploitVendor Advisory
- www.openwall.com/lists/oss-security/2016/04/20/11nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-c9f4-xj24-8jqxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-8858ghsaADVISORY
- www.securityfocus.com/bid/96409nvdWEB
- www.npmjs.com/advisories/48ghsaWEB
News mentions
0No linked articles in our index yet.