HIGH Vulnerable Package issue exists @ jquery in branch refs/heads/master
Description
jQuery versions prior to 3.0.0 are vulnerable to Denial of Service (DoS) because logic that lowercased attribute names was removed. Any attribute getter called with a mixed-case name for a boolean attribute enters infinite recursion and exceeds the call stack limit.
Vulnerability ID: CVE-2016-10707
Package Name: jquery
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2018-01-18T23:29:00
Current Package Version: 1.6.4
Remediation Upgrade Recommendation: 3.5.0
Link To SCA
Reference – NVD link