CVE-2016-10707

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jquery:jquery:3.0.0:rc1:*:*:*:*:*:*

History

21 Nov 2024, 02:44

Type Values Removed Values Added
References () https://github.com/jquery/jquery/issues/3133 - Exploit, Patch () https://github.com/jquery/jquery/issues/3133 - Exploit, Patch
References () https://github.com/jquery/jquery/pull/3134 - Issue Tracking, Patch () https://github.com/jquery/jquery/pull/3134 - Issue Tracking, Patch
References () https://snyk.io/vuln/npm:jquery:20160529 - Third Party Advisory () https://snyk.io/vuln/npm:jquery:20160529 - Third Party Advisory

10 Feb 2024, 02:43

Type Values Removed Values Added
References (MISC) https://github.com/jquery/jquery/pull/3134 - Patch, Third Party Advisory (MISC) https://github.com/jquery/jquery/pull/3134 - Issue Tracking, Patch
CWE CWE-400 CWE-674

Information

Published : 2018-01-18 23:29

Updated : 2024-11-21 02:44


NVD link : CVE-2016-10707

Mitre link : CVE-2016-10707

CVE.ORG link : CVE-2016-10707


JSON object : View

Products Affected

jquery

  • jquery
CWE
CWE-674

Uncontrolled Recursion