Skip to main content

Vulnerability in Yahoo's JavaScript framework YUI 2

posted onNovember 1, 2012
by l33tdawg

In a blog post, Yahoo has said there is a security vulnerability in its JavaScript framework YUI version 2. It does not, though, give a detailed description of the bug. The issue only, now, relates to any project where the developers have hosted their own version of the YUI 2 SWF files (from version 2.4.0 to 2.9.0). Those who have used Yahoo's yui.yahooapis.com CDN or another CDN for YUI 2 or use YUI 3 are not affected by the issue said Yahoo.

We have identified a security vulnerability on self-hosted YUI 2 SWF files.

  • Users of YUI 2 via http://yui.yahooapis.com or another CDN are not affected by this issue.
  • Users of YUI 3 are not affected by this issue.

Any project that hosts YUI 2 SWF files (any version from 2.4.0 through 2.9.0) on its own servers should email us right away at security (at) yuilibrary.com for more information and support.

Source

Tags

Yahoo Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th