GHSA-mhpp-875w-9cpv

Source

https://github.com/advisories/GHSA-mhpp-875w-9cpv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/01/GHSA-mhpp-875w-9cpv/GHSA-mhpp-875w-9cpv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mhpp-875w-9cpv

Aliases

CVE-2016-10707

Published

2018-01-22T13:32:42Z

Modified

2024-02-12T15:03:44Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Denial of Service in jquery

Details

Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition.

Recommendation

Update to version 3.0.0 or later.

Database specific

{
    "nvd_published_at": "2018-01-18T23:29:00Z",
    "cwe_ids": [
        "CWE-400",
        "CWE-674"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:46:22Z"
}

References

Affected packages

npm / jquery

Package

Name: jquery; View open source insights on deps.dev
Purl: pkg:npm/jquery

Affected ranges

Type: SEMVER
Events: Introduced

3.0.0-rc.1

Fixed

3.0.0

Affected versions

3.*

3.0.0-rc.1

NuGet / jQuery

Package

Name: jQuery; View open source insights on deps.dev
Purl: pkg:nuget/jQuery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0-rc.1

Fixed

3.0.0

Affected versions

3.*

3.0.0-rc.1

Maven / org.webjars.npm:jquery

Package

Name: org.webjars.npm:jquery; View open source insights on deps.dev
Purl: pkg:maven/org.webjars.npm/jquery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0-rc.1

Fixed

3.0.0

Affected versions

3.*

3.0.0-rc.1

RubyGems / jquery-rails

Package

Name: jquery-rails
Purl: pkg:gem/jquery-rails

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0-rc.1

Fixed

3.0.0

Affected versions

3.*

3.0.0-rc.1