It was found that uglify-js is vulnerable to regular expression denial of service (ReDoS) when certain types of input are passed to the .parse() function. This could potentially allow a remote attacker to submit crafted JavaScript code to a service that minifies it using the uglify-js library, and cause that service to consume an excessive amount of CPU.
External References: https://nodesecurity.io/advisories/48
Created uglify-js tracking bugs for this issue:
Affects: fedora-all [bug 1277889]
Affects: epel-all [bug 1277892]
Created uglify-js1 tracking bugs for this issue:
Affects: fedora-all [bug 1277890]
Affects: epel-all [bug 1277893]
CVE assignment: http://seclists.org/oss-sec/2016/q2/122
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.