CVSS v3.x: 9.8 (Critical)
CVSS v2.0: 7.5 (High)
- >= 2.7.2
This bug, found in UglifyJS versions 2.4.23 and earlier, was demonstrated to allow potentially malicious code to be hidden within secure code, and activated by the minification process.
For more information, consult:
CWE: 254 - 7PK - Security Features