CVE-2016-10707.yml
---
gem: jquery-rails
cve: 2016-10707
ghsa: mhpp-875w-9cpv
url: https://nvd.nist.gov/vuln/detail/CVE-2016-10707
title: Denial of Service in jquery
date: 2018-01-18
description: |
  The `jquery` 3.0.0-rc.1 prerelease removed the logic that lowercased
  attribute names before looking them up. When a boolean attribute is
  read using a name that contains uppercase characters, `jquery` enters
  an infinite recursion loop, exceeds the call stack limit, and throws,
  resulting in a denial of service condition. Only the 3.0.0-rc.1
  prerelease is affected; 3.0.0 restored the lowercasing.

  ## Recommendation
  Update to version 3.0.0 or later.
cvss_v2: 5.0
cvss_v3: 7.5
unaffected_versions:
  - "< 3.0.0-rc.1"
patched_versions:
  - ">= 3.0.0"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2016-10707
    - https://github.com/advisories/GHSA-mhpp-875w-9cpv
    - https://github.com/jquery/jquery/issues/3133
    - https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
    - https://www.npmjs.com/advisories/330
    - https://github.com/jquery/jquery/pull/3134
    - https://snyk.io/vuln/npm:jquery:20160529
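The YAML above is the whole advisory. What follows is an added example, not code from ruby-advisory-db or from jQuery's source, that models in plain JavaScript the pattern the description refers to: a boolean-attribute getter that protects itself from re-entry by temporarily clearing its own slot in a hook table, while the underlying lookup consults that table under the lowercased attribute name. If the guard is keyed on the raw, mixed-case name (the vulnerable behaviour), the slot actually being invoked is never cleared and the lookup recurses until the call stack is exhausted; keying the guard on the lowercased name (the fix) terminates. The names `buildGetter`, `probe`, `vulnerableGuard`, `fixedGuard`, `sampleElem` and `demo`, and the way the hook table is consulted, are assumptions constructed for this example and are not jQuery APIs.

```javascript
// Added example, not jQuery or ruby-advisory-db code: a minimal model of the
// hook-table re-entrancy pattern behind CVE-2016-10707. Every name below is
// constructed for illustration.

const BOOL_ATTRS = ["checked", "selected", "disabled", "readonly"];

// Build a hook table for boolean attributes. `guardKey` decides which table
// slot a hook clears while it runs: the raw name (vulnerable behaviour) or the
// lowercased name (fixed behaviour). Returns the entry-point getter.
function buildGetter(guardKey) {
  const attrHandle = {};

  // Underlying getter, standing in for a selector engine's attribute lookup:
  // it normalizes the name to lowercase before consulting the hook table.
  function baseGetter(elem, name) {
    const lower = name.toLowerCase();
    const hook = attrHandle[lower];
    if (hook) {
      return hook(elem, name);
    }
    return Object.prototype.hasOwnProperty.call(elem.attrs, lower)
      ? elem.attrs[lower]
      : null;
  }

  for (const attr of BOOL_ATTRS) {
    attrHandle[attr] = function boolHook(elem, name) {
      const key = guardKey(name);
      // Temporarily clear "our" slot so the underlying getter does not call
      // back into this hook. Only correct if `key` is the slot we live in.
      const saved = attrHandle[key];
      attrHandle[key] = undefined;
      const ret = baseGetter(elem, name) != null ? attr : null;
      attrHandle[key] = saved;
      return ret;
    };
  }
  return baseGetter;
}

const vulnerableGuard = (name) => name;            // guard keyed on raw name
const fixedGuard = (name) => name.toLowerCase();   // guard keyed on lowercased name

// Read one attribute through the chosen variant. Returns the attribute's
// canonical name when present, null when absent, or "stack-overflow" when the
// lookup never terminates (the denial of service the advisory describes).
function probe(guardKey, elem, name) {
  const getter = buildGetter(guardKey);
  try {
    return getter(elem, name);
  } catch (e) {
    if (e instanceof RangeError) {
      return "stack-overflow";
    }
    throw e;
  }
}

// Constructed sample element: a checked checkbox with no `selected` attribute.
const sampleElem = { attrs: { type: "checkbox", checked: "checked" } };

function demo() {
  return {
    vulnLower: probe(vulnerableGuard, sampleElem, "checked"),   // "checked"
    vulnUpper: probe(vulnerableGuard, sampleElem, "CHECKED"),   // "stack-overflow"
    vulnAbsent: probe(vulnerableGuard, sampleElem, "SELECTED"), // "stack-overflow"
    fixedLower: probe(fixedGuard, sampleElem, "checked"),       // "checked"
    fixedUpper: probe(fixedGuard, sampleElem, "CHECKED"),       // "checked"
    fixedAbsent: probe(fixedGuard, sampleElem, "SELECTED"),     // null
  };
}

console.log(JSON.stringify(demo()));
```

The `probe` helper doubles as the check a practitioner would run: any lookup that surfaces as a stack-depth `RangeError` on a mixed-case name, while the lowercase spelling of the same name succeeds, is the behaviour this advisory is about.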