CVE-2016-10707

Опубликовано: 18 янв. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

Ссылки

https://github.com/jquery/jquery/issues/3133
Exploit
Patch
https://github.com/jquery/jquery/pull/3134
Issue Tracking
Patch
https://snyk.io/vuln/npm:jquery:20160529
Third Party Advisory
https://github.com/jquery/jquery/issues/3133
Exploit
Patch
https://github.com/jquery/jquery/pull/3134
Issue Tracking
Patch
https://snyk.io/vuln/npm:jquery:20160529
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jquery:jquery:3.0.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00533

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-674

Связанные уязвимости

CVE-2016-10707

CVSS3: 7.5

ubuntu

больше 7 лет назад

CVE-2016-10707

CVSS3: 7.5

debian

больше 7 лет назад

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to remo ...

GHSA-mhpp-875w-9cpv

CVSS3: 7.5

github

больше 7 лет назад

Denial of Service in jquery

EPSS

Процентиль: 66%

0.00533

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-674