CVE-2016-10707

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-10707

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10707.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10707

Aliases

GHSA-mhpp-875w-9cpv

Published

2018-01-18T23:29:00.400Z

Modified

2026-04-10T03:47:35.995420Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

References

Affected packages

Git / github.com/jquery/jquery

Affected ranges

Type

GIT

Repo

https://github.com/jquery/jquery

Events

Introduced

Last affected

fed61fb5b4d622908d033d2ec8ebc0bf7901eda4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-rc1"
        }
    ]
}

Affected versions

1.*

1.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0a

1.1

1.1.1

1.1.2

1.1.3

1.1.3.1

1.1.3a

1.1.4

1.1a

1.1b

1.2

1.2.1

1.2.2

1.2.2b

1.2.2b2

1.2.3a

1.2.3b

1.2.4

1.2.4a

1.2.4b

1.2.5

1.3.1rc1

1.3b1

1.3b2

1.3rc1

1.4.3rc1

1.4.3rc2

1.4.4rc1

1.4.4rc2

1.4.4rc3

1.4a1

1.4a2

1.4rc1

1.5.1rc1

1.5.2rc1

1.5b1

1.5rc1

1.6.1rc1

1.6.2rc1

1.6.3rc1

1.6.4rc1

1.6b1

1.6rc1

1.7.1rc1

1.7.2b1

1.7.2rc1

1.7b1

1.7b2

1.7rc1

1.8b1

1.8b2

1.8rc1

1.9.0b1

2.*

2.0.0-beta3

2.0.0b1

2.0.0b2

2.1.0-beta1

3.*

3.0.0-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10707.json"