The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a regular expression denial of service (ReDoS).
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Uglifyjs | Uglifyjs_project | * | 2.5.0 (including) |
| Uglifyjs | Ubuntu | artful | * |
| Uglifyjs | Ubuntu | esm-apps/xenial | * |
| Uglifyjs | Ubuntu | precise | * |
| Uglifyjs | Ubuntu | trusty | * |
| Uglifyjs | Ubuntu | upstream | * |
| Uglifyjs | Ubuntu | wily | * |
| Uglifyjs | Ubuntu | xenial | * |
| Uglifyjs | Ubuntu | yakkety | * |
| Uglifyjs | Ubuntu | zesty | * |