High severity7.5NVD Advisory· Published Jan 18, 2018· Updated Jun 17, 2026
CVE-2016-10707
CVE-2016-10707
Description
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jquerynpm | >= 3.0.0-rc.1, < 3.0.0 | 3.0.0 |
jQueryNuGet | >= 3.0.0-rc.1, < 3.0.0 | 3.0.0 |
org.webjars.npm:jqueryMaven | >= 3.0.0-rc1, < 3.0.0 | 3.0.0 |
jquery-railsRubyGems | >= 3.0.0-rc.1, < 3.0.0 | 3.0.0 |
Affected products
4- ghsa-coords4 versions
>= 3.0.0-rc.1, < 3.0.0+ 3 more
- (no CPE)range: >= 3.0.0-rc.1, < 3.0.0
- (no CPE)range: >= 3.0.0-rc1, < 3.0.0
- (no CPE)range: >= 3.0.0-rc.1, < 3.0.0
- (no CPE)range: >= 3.0.0-rc.1, < 3.0.0
Patches
Vulnerability mechanics
References
8- github.com/jquery/jquery/pull/3134nvdIssue TrackingPatchWEB
- github.com/jquery/jquery/issues/3133nvdExploitPatchWEB
- github.com/advisories/GHSA-mhpp-875w-9cpvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-10707ghsaADVISORY
- snyk.io/vuln/npm:jquery:20160529nvdThird Party AdvisoryWEB
- github.com/jquery/jquery/issues/3133ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.ymlghsaWEB
- www.npmjs.com/advisories/330ghsaWEB
News mentions
0No linked articles in our index yet.