CVE-2015-8858 describes a regular expression denial of service (ReDoS) issue in the uglify-js package for Node.js. Crafted input passed to parse() can consume excessive CPU and deny service. The CVE record was published on 2017-01-23, and the underlying advisories referenced by NVD date back to 2016.
CVE-2015-8857 affects uglify-js versions before 2.4.24. The issue is in how the package rewrites boolean expressions: non-boolean values were not properly accounted for, which could change program logic in a way that bypasses intended security controls or causes other incorrect behavior. Because uglify-js is commonly used in Node.js build and release pipelines, the practical risk is that transformed JavaS [truncated]
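
The bug class behind CVE-2015-8857, as an added example that is not uglify-js code and not the exact transformation it performed: a differential check that runs an expression and a candidate rewrite over boolean and non-boolean inputs and reports where they disagree. The expression pairs, probe values and function names are constructed for this illustration.

```javascript
// Constructed candidates: an original expression and a rewrite a minifier might consider.
const CANDIDATES = [
  { name: "!(a <= b) -> a > b", original: (a, b) => !(a <= b), rewritten: (a, b) => a > b },
  { name: "!(a && b) -> !a || !b", original: (a, b) => !(a && b), rewritten: (a, b) => !a || !b },
  { name: "!(a == b) -> a != b", original: (a, b) => !(a == b), rewritten: (a, b) => a != b },
];

// Constructed probe values: real booleans, then values that are only truthy or falsy.
const BOOLEANS = [true, false];
const NON_BOOLEANS = [undefined, null, NaN, 0, 1, "", "a", {}];

// Evaluate both forms on every (a, b) pair and collect the inputs where results differ.
function findMismatches(candidate, values) {
  const mismatches = [];
  for (const a of values) {
    for (const b of values) {
      const before = candidate.original(a, b);
      const after = candidate.rewritten(a, b);
      if (before !== after) mismatches.push({ a, b, before, after });
    }
  }
  return mismatches;
}

// Summarise every candidate rewrite for one set of probe values.
function audit(values) {
  return CANDIDATES.map((c) => ({
    name: c.name,
    mismatches: findMismatches(c, values).length,
  }));
}

// Printable label so NaN, undefined and "" stay distinguishable in the report.
const label = (v) => (typeof v === "string" ? JSON.stringify(v) : String(v));

console.log("booleans only:", audit(BOOLEANS));
console.log("with non-booleans:", audit(BOOLEANS.concat(NON_BOOLEANS)));
for (const m of findMismatches(CANDIDATES[0], [NaN, undefined, 1])) {
  console.log(`a=${label(m.a)} b=${label(m.b)}: original=${m.before} rewritten=${m.after}`);
}
```

A rewrite that agrees on every boolean pair can still flip a condition once NaN or undefined reaches it, so a check of this kind has to include non-boolean probes to be meaningful.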