Denial of Service (DoS)
Affecting jquery package, versions <3.0.0 >=2.1.0-beta1
Affected versions of the package are vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
jquery to version 3.0.0 or higher.
Do your applications use this vulnerable package?
- Michał Gołębiowski
- Snyk ID
- 28 May, 2016
- 26 Dec, 2016