Denial of Service in jquery

Severity:: High

Description

Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition.

Recommendation

Update the jquery package to the latest compatible version. Followings are version details:

Affected version(s): = 3.0.0-rc.1
Patched version(s): 3.0.0

References

GHSA-mhpp-875w-9cpv
www.npmjs.com
snyk.io
CVE-2016-10707
CWE-400
CWE-674
CAPEC-310
OWASP 2021-A6

Related Issues

Denial of Service in mqtt - CVE-2016-1000242
Denial of Service and Content Injection in i18n-node-angular - CVE-2016-10524
Regular Expression Denial of Service in moment (GHSA-87vv-r9j6-g5qv) - CVE-2016-4055
Regular Expression Denial of Service in jquery-validation - CVE-2021-21252

Tags:: npm; jquery

Anything's wrong? Let us know Last updated on September 02, 2025