CVE-2016-10707: Uncontrolled Resource Consumption

January 22, 2018 (updated September 25, 2023)

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

References

github.com/advisories/GHSA-mhpp-875w-9cpv
github.com/jquery/jquery/issues/3133
github.com/jquery/jquery/issues/3133
github.com/jquery/jquery/pull/3134
nvd.nist.gov/vuln/detail/CVE-2016-10707
snyk.io/vuln/npm:jquery:20160529
www.npmjs.com/advisories/330

Code Behaviors & Features

Detect and mitigate CVE-2016-10707 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →