CVE-2016-10707: Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute whose name contains uppercase characters, jquery enters an infinite recursion loop, exceeding the call stack limit and resulting in a denial of service condition.
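As an added illustration (not jquery's own code and not part of the advisory), a simplified JavaScript model of the recursion described above: a boolean-attribute handler that removes its own table entry before delegating, but under the caller's casing rather than the lowercased key the delegate looks up, beside the corrected form. The handler-table design and the names `attrHandle`, `sizzleLikeAttr`, `buildHandlers` and `probe` are assumptions of this model.

```javascript
// Simplified model of CVE-2016-10707 (not jQuery's code; names are illustrative). A boolean-
// attribute handler removes its own table entry before delegating to a Sizzle-like getter that
// dispatches on the LOWERCASED name; if the removal uses the caller's casing, "CHECKED" recurses.
const MAX_DEPTH = 1000; // constructed guard: fail fast instead of hitting the real stack limit

// Delegate getter: lowercased handler lookup, then a raw read from an element-like object.
function sizzleLikeAttr(attrHandle, elem, name, depth) {
  const fn = attrHandle[name.toLowerCase()];
  if (fn) return fn(elem, name, depth + 1);
  const v = elem.attrs[name.toLowerCase()];
  return v === undefined ? null : v;
}

// `buggy` selects the self-removal key: caller's casing (vulnerable) or lowercased (fixed).
function buildHandlers(buggy) {
  const attrHandle = {};
  for (const attr of ["checked", "disabled", "selected"]) {
    attrHandle[attr] = function boolHandler(elem, name, depth = 0) {
      if (depth > MAX_DEPTH) throw new RangeError("Maximum call stack size exceeded (simulated)");
      const lower = name.toLowerCase();
      const key = buggy ? name : lower;
      const saved = attrHandle[key];
      attrHandle[key] = undefined; // "remove myself" while delegating
      try {
        return sizzleLikeAttr(attrHandle, elem, name, depth) != null ? lower : null;
      } finally {
        attrHandle[key] = saved;
      }
    };
  }
  return attrHandle;
}

// Entry point modelling attr(name): dispatch on the lowercased name.
function getAttr(attrHandle, elem, name) {
  const handle = attrHandle[name.toLowerCase()];
  return handle ? handle(elem, name) : sizzleLikeAttr(attrHandle, elem, name, 0);
}

// Returns the attribute value, or "RECURSION" if the lookup tripped the depth guard.
function probe(buggy, name) {
  const fakeElem = { attrs: { checked: "checked" } }; // constructed <input checked>
  try {
    return getAttr(buildHandlers(buggy), fakeElem, name);
  } catch (e) {
    if (e instanceof RangeError) return "RECURSION";
    throw e;
  }
}
console.log(probe(false, "CHECKED"), probe(true, "checked"), probe(true, "CHECKED"));
```

Only the combination of the mismatched removal key and an uppercase name recurses; lowercase names work in both variants, which is why the defect is easy to miss in tests that use canonical attribute names.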
References
- github.com/advisories/GHSA-mhpp-875w-9cpv
- github.com/jquery/jquery
- github.com/jquery/jquery/issues/3133
- github.com/jquery/jquery/pull/3134
- github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.yml
- nvd.nist.gov/vuln/detail/CVE-2016-10707
- snyk.io/vuln/npm:jquery:20160529
- www.npmjs.com/advisories/330