Fluid Attacks Database

Description

org.webjars:jquery is a JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	jquery	>=3.0.0-rc.1 <3.0.0 \|\| =3.0.0-rc.1	3.0.0
nuget	jquery	=3.0.0-rc.1 \|\| >=3.0.0-rc.1 <3.0.0 \|\| =3.0.0-rc.1 \|\| >=3.0.0-rc.1 <3.0.0	3.0.0, 3.0.0
rubygems	jquery-rails	=3.0.0-rc.1 \|\| >=3.0.0-rc.1 <3.0.0	3.0.0
maven	org.webjars.npm:jquery	=3.0.0-rc1 \|\| >=3.0.0-rc1 <3.0.0	3.0.0
maven	org.webjars:jquery	>=3.0.0-rc1 <3.0.0	-

Aliases

1. CVE-2016-107072. NVD-2016-107073. OSV-2016-107074. GHSA-mhpp-875w-9cpv5. GCVE-2016-107076. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.yml7. DB-CVE-2016-10707

References

1. https://github.com/jquery/jquery/issues/31332. https://github.com/jquery/jquery/issues/3133#issuecomment-3589784893. https://github.com/jquery/jquery/pull/31344. https://github.com/jquery/jquery5. https://www.npmjs.com/advisories/3306. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.yml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.