Advisories for Gem/Uglifier package

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.

There's a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification. This bug was demonstrated to allow potentially malicious code to be hidden within secure code, activated by minification. Affected versions erroneously minify boolean expressions.