Vulnerability in Yahoo's JavaScript framework YUI 2
In a blog post, Yahoo has said there is a security vulnerability in its JavaScript framework YUI version 2. It does not, though, give a detailed description of the bug. The issue only, now, relates to any project where the developers have hosted their own version of the YUI 2 SWF files (from version 2.4.0 to 2.9.0). Those who have used Yahoo's yui.yahooapis.com CDN or another CDN for YUI 2 or use YUI 3 are not affected by the issue said Yahoo.
We have identified a security vulnerability on self-hosted YUI 2 SWF files.
- Users of YUI 2 via http://yui.yahooapis.com or another CDN are not affected by this issue.
- Users of YUI 3 are not affected by this issue.
Any project that hosts YUI 2 SWF files (any version from 2.4.0 through 2.9.0) on its own servers should email us right away at security (at) yuilibrary.com for more information and support.