CVE-2016-10707

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions jquery versions 3.0.0-rc.1

Description The issue arises due to the removal of logic that lowercased attribute names, leading to an infinite recursion when attribute getters use mixed-cased names for boolean attributes. This results in exceeding the stack call limit and a denial of service condition. The affected versions of jquery use a lowercasing logic on attribute names, and when given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit.

Recommendations Update to version 3.0.0 or later.

Exploit

Fix

DoS

Uncontrolled Recursion

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674CWE-400

Related Identifiers

CVE-2016-10707

GHSA-MHPP-875W-9CPV

Affected Products

Jquery

CVE-2016-10707

Weakness Enumeration

Related Identifiers

Affected Products

References · 12