Candidate: CVE-2015-8858
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Description:
 The uglify-js package before 2.6.0 for Node.js allows attackers to cause a
 denial of service (CPU consumption) via crafted input in a parse call, aka
 a "regular expression denial of service (ReDoS)."
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_uglifyjs:
upstream_uglifyjs: released (2.6.0)
precise_uglifyjs: ignored (reached end-of-life)
precise/esm_uglifyjs: DNE (precise was needed)
trusty_uglifyjs: ignored (reached end-of-life)
trusty/esm_uglifyjs: DNE (trusty was needed)
vivid/stable-phone-overlay_uglifyjs: DNE
vivid/ubuntu-core_uglifyjs: DNE
wily_uglifyjs: ignored (reached end-of-life)
xenial_uglifyjs: ignored (end of standard support, was needed)
yakkety_uglifyjs: ignored (reached end-of-life)
zesty_uglifyjs: ignored (reached end-of-life)
artful_uglifyjs: ignored (reached end-of-life)
bionic_uglifyjs: not-affected (2.8.29-3)
cosmic_uglifyjs: not-affected (2.8.29-3)
disco_uglifyjs: not-affected (2.8.29-3)
eoan_uglifyjs: not-affected (2.8.29-3)
focal_uglifyjs: not-affected (2.8.29-3)
groovy_uglifyjs: not-affected (2.8.29-3)
hirsute_uglifyjs: not-affected (2.8.29-3)
impish_uglifyjs: not-affected (2.8.29-3)
jammy_uglifyjs: not-affected (2.8.29-3)
devel_uglifyjs: not-affected (2.8.29-3)