CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10707

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/jquery/jquery/issues/3133
https://github.com/jquery/jquery/pull/3134
https://snyk.io/vuln/npm:jquery:20160529
https://github.com/jquery/jquery/issues/3133
https://github.com/jquery/jquery/pull/3134
https://snyk.io/vuln/npm:jquery:20160529

Products affected by CVE-2016-10707

Jquery » Jquery » Version: 3.0.0

cpe:2.3:a:jquery:jquery:3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10707

Products

Pricing

Contact Us