Denial of Service Vulnerability in jQuery Affects Multiple Versions
CVE-2016-10707

7.5HIGH

Key Information:

Vendor
Jquery
Status
Jquery
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability in jQuery versions allows for Denial of Service (DoS) due to changes in the handling of boolean attributes. When a mixed-cased attribute name is used, it triggers an infinite recursion, potentially exhausting the call stack and causing server overload. This issue highlights the critical importance of maintaining current software versions and understanding the implications of such vulnerabilities on web applications.

References

https://github.com/jquery/jquery/issues/3133
x_refsource_MISC
https://snyk.io/vuln/npm:jquery:20160529
x_refsource_MISC
https://github.com/jquery/jquery/pull/3134
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.