npm

Severity: moderate

Denial of Service

jquery

Overview

Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition.

Remediation

Update to version 3.0.0 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 14th, 2017
  2. reported

    Initial report by Michał Gołębiowski
    Mar 21st, 2017