CVE-2017-16012

Jquery is a javascript library for DOM traversal and manipulation, event handling, animation, and Ajax. When text/javascript responses are received from cross-origin ajax requests not containing the option `dataType`, the result is executed in `jQuery.globalEval` potentially allowing an attacker to execute arbitrary code on the origin. This affects Jquery >=1.4.0 <=1.11.3 || >=1.12.4 <=2.2.4.

Source: CVE-2017-16012