Denial of Service (DoS)

Affecting jquery package, versions =3.0.0-rc.1

low severity

Overview

jquery is a JavaScript library for DOM operations. Affected versions of the package are vulnerable to Denial of Service (DoS) because logic that lowercased attribute names was removed. Any attribute getter called with a mixed-case name for a boolean attribute goes into infinite recursion and exceeds the call stack limit.
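The recursion described above, reduced to a simplified model as an added example; it is not jQuery source and not part of the original advisory. The handler table, `makeAttrReader` and `probe` are hypothetical names, and the self-hiding handler layout is an assumption made for illustration.

```javascript
// Simplified model of a boolean-attribute getter table (hypothetical names,
// not jQuery source). Handlers are registered under lowercase keys.
const BOOLEAN_ATTRS = ["checked", "disabled", "selected"];

function makeAttrReader(lowercaseFirst) {
  const handlers = {};

  // Case-insensitive default getter: it consults the handler table under the
  // lowercased name before reading the attribute itself.
  function defaultGet(elem, name) {
    const handler = handlers[name.toLowerCase()];
    if (handler) return handler(elem, name);
    const value = elem[name.toLowerCase()];
    return value === undefined ? null : value;
  }

  for (const attr of BOOLEAN_ATTRS) {
    handlers[attr] = function (elem, name) {
      // The handler hides itself, asks the default getter, then restores itself.
      // Without lowercasing, a mixed-case name hides the wrong key, so the
      // default getter finds this same handler again and recurses.
      const key = lowercaseFirst ? name.toLowerCase() : name;
      const saved = handlers[key];
      handlers[key] = undefined;
      const present = defaultGet(elem, name) != null;
      handlers[key] = saved;
      return present ? name.toLowerCase() : null;
    };
  }
  return (elem, name) => defaultGet(elem, name);
}

// Returns the attribute value, or "stack-overflow" when the lookup recursed
// until the engine raised RangeError.
function probe(reader, elem, name) {
  try {
    return reader(elem, name);
  } catch (err) {
    if (err instanceof RangeError) return "stack-overflow";
    throw err;
  }
}

const elem = { checked: "" }; // constructed sample element, boolean attribute set
const withoutLowercasing = makeAttrReader(false); // models the affected behaviour
const withLowercasing = makeAttrReader(true);     // models the lowercasing restored
```

A regression test for an application can follow the same shape: read a boolean attribute by a mixed-case name and fail the build if a `RangeError` is raised.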

Remediation

Upgrade jquery to version 3.0.0 or higher.


Credit: Michał Gołębiowski
CVE: CVE-2016-10707
CWE: CWE-400
Snyk ID: npm:jquery:20160529
Disclosed: 28 May, 2016
Published: 26 Dec, 2016