Search for vulnerabilities
Vulnerability details: VCID-1mp8-dk77-kkfm
Vulnerability ID VCID-1mp8-dk77-kkfm
Aliases CVE-2016-10707
GHSA-mhpp-875w-9cpv
Summary Exceeding Stack Call Limit DoS jQuery is a DOM manipulation javascript library. In v2.2.4 and previous, a lowercasing logic was used on the attribute names and was removed in v3.0.0. Because of this, boolean attributes whose names were not all lowercase cause infinite recursion, and will exceed the stack call limit.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-400 Uncontrolled Resource Consumption
CWE-674 Uncontrolled Recursion
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00457 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00457 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00457 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
epss 0.00858 https://api.first.org/data/v1/epss?cve=CVE-2016-10707
cvssv3.1 7.5 https://github.com/advisories/GHSA-mhpp-875w-9cpv
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-mhpp-875w-9cpv
generic_textual HIGH https://github.com/advisories/GHSA-mhpp-875w-9cpv
cvssv3.1 7.5 https://github.com/jquery/jquery
generic_textual HIGH https://github.com/jquery/jquery
cvssv3.1 7.5 https://github.com/jquery/jquery/issues/3133
generic_textual HIGH https://github.com/jquery/jquery/issues/3133
cvssv3 5.3 https://github.com/jquery/jquery/issues/3133)
cvssv3.1 7.5 https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
generic_textual HIGH https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
cvssv3.1 7.5 https://github.com/jquery/jquery/pull/3134
generic_textual HIGH https://github.com/jquery/jquery/pull/3134
cvssv3 5.3 https://github.com/nodejs/security-wg/blob/main/vuln/npm/330.json
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.yml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2016-10707
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-10707
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-10707
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-10707
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2016-10707
cvssv3.1 7.5 https://snyk.io/vuln/npm:jquery:20160529
generic_textual HIGH https://snyk.io/vuln/npm:jquery:20160529
cvssv3.1 7.5 https://www.npmjs.com/advisories/330
generic_textual HIGH https://www.npmjs.com/advisories/330
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-10707
https://github.com/advisories/GHSA-mhpp-875w-9cpv
https://github.com/jquery/jquery
https://github.com/jquery/jquery/issues/3133
https://github.com/jquery/jquery/issues/3133)
https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
https://github.com/jquery/jquery/pull/3134
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.yml
https://nvd.nist.gov/vuln/detail/CVE-2016-10707
https://snyk.io/vuln/npm:jquery:20160529
https://www.npmjs.com/advisories/330
330 https://github.com/nodejs/security-wg/blob/main/vuln/npm/330.json
cpe:2.3:a:jquery:jquery:3.0.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jquery:jquery:3.0.0:rc1:*:*:*:*:*:*
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/advisories/GHSA-mhpp-875w-9cpv
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/jquery/jquery
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/jquery/jquery/issues/3133
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/jquery/jquery/pull/3134
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2016-10707.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-10707
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-10707
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-10707
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://snyk.io/vuln/npm:jquery:20160529
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.npmjs.com/advisories/330
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.63187
EPSS Score 0.00457
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:29.236821+00:00 Npm Importer Import https://github.com/nodejs/security-wg/blob/main/vuln/npm/330.json 37.0.0