To support the growing demands of open source security, OSS Index will migrate to Sonatype Guide on 04/28. To learn more about how to prepare for this transition, click here.
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.