Denial of Service in jquery

Severity:: High

Description

Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition.

Recommendation

Update the jquery package to the latest compatible version. Followings are version details:

Affected version(s): = 3.0.0-rc.1
Patched version(s): 3.0.0

References

GHSA-mhpp-875w-9cpv
www.npmjs.com
snyk.io
CVE-2016-10707
CWE-400
CWE-674
CAPEC-310
OWASP 2021-A6

Related Issues

Regular Expression Denial of Service in jadedown - CVE-2016-10520
Regular Expression Denial of Service in jquery-validation - CVE-2021-21252
Regular expression denial of service in jquery-validation - jquery-validation - CVE-2021-43306
Regular Expression Denial of Service in moment - moment - CVE-2016-4055

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; jquery

Anything's wrong? Let us know Last updated on September 02, 2025