CVE-2016-10707

Name of the Vulnerable Software and Affected Versions jquery versions 3.0.0-rc.1

Description The issue arises due to the removal of logic that lowercased attribute names, leading to an infinite recursion when attribute getters use mixed-cased names for boolean attributes. This results in exceeding the stack call limit and a denial of service condition. The affected versions of jquery use a lowercasing logic on attribute names, and when given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit.

Recommendations Update to version 3.0.0 or later.