GHSA-mhpp-875w-9cpv

Suggest an improvement
Source
https://github.com/advisories/GHSA-mhpp-875w-9cpv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/01/GHSA-mhpp-875w-9cpv/GHSA-mhpp-875w-9cpv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mhpp-875w-9cpv
Aliases
Published
2018-01-22T13:32:42Z
Modified
2025-09-02T22:35:01Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of Service in jquery
Details

Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition.

Recommendation

Update to version 3.0.0 or later.

Database specific 
{
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-400",
        "CWE-674"
    ],
    "github_reviewed_at": "2020-06-16T21:46:22Z",
    "nvd_published_at": "2018-01-18T23:29:00Z",
    "github_reviewed": true
}
References

Affected packages

npm / jquery

Package

Name
jquery
View open source insights on deps.dev
Purl
pkg:npm/jquery

Affected ranges

Type
SEMVER
Events
Introduced
3.0.0-rc.1
Fixed
3.0.0

Affected versions

3.*

3.0.0-rc.1

NuGet / jQuery

Package

Name
jQuery
View open source insights on deps.dev
Purl
pkg:nuget/jQuery

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0-rc.1
Fixed
3.0.0

Affected versions

3.*

3.0.0-rc.1

Maven / org.webjars.npm:jquery

Package

Name
org.webjars.npm:jquery
View open source insights on deps.dev
Purl
pkg:maven/org.webjars.npm/jquery

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0-rc1
Fixed
3.0.0

Affected versions

3.*

3.0.0-rc1

RubyGems / jquery-rails

Package

Name
jquery-rails
Purl
pkg:gem/jquery-rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0-rc.1
Fixed
3.0.0

Affected versions

3.*

3.0.0-rc.1