In a blog post, Yahoo has stated there is a security vulnerability in its JavaScript framework YUI version 2.
It doesn’t, though, give a detailed description of the bug. The emergence only, now, connects to any project where the developers have hosted their own version of the YUI 2 SWF files (from version 2.4.0 to 2.9.0).
Those who have utilized Yahoo’s yui.yahooapis.com CDN or a different CDN for YUI 2 or use YUI 3 are not affected by the issue stated Yahoo.
The only information in the post is a connection with “SWF”; this could therefore be something in connection with the presence of the class SWFStore which supports the persistence of data using the Flash Player.
The impacted version of the framework has, though, been replaced by YUI 3 since 2009; YUI 3 doesn’t include SWFStore.
