Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxcWotcng0dy1yM2Nq
CSRF Vulnerability in jquery-ujs
Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains.
When an attacker controls the href attribute of an anchor tag, or
the action attribute of a form tag triggering a POST action, the attacker can set the
href or action to " https://attacker.com". By prepending a space to the external domain, it causes jQuery to consider it a same origin request, resulting in the user's CSRF token being sent to the external domain.
Recommendation
Upgrade jquery-ujs to version 1.0.4 or later.
Permalink: https://github.com/advisories/GHSA-6qqj-rx4w-r3cjJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxcWotcng0dy1yM2Nq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 4 years ago
Updated: about 2 years ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-6qqj-rx4w-r3cj
References:
- https://hackerone.com/reports/49935
- https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
- https://www.npmjs.com/advisories/15
- https://snyk.io/vuln/npm:jquery-ujs:20150624
- https://github.com/advisories/GHSA-6qqj-rx4w-r3cj
Affected Packages
npm:jquery-ujs
Dependent packages: 15Dependent repositories: 1,526
Downloads: 521,896 last month
Affected Version Ranges: <= 1.0.3
Fixed in: 1.0.4
All affected versions: 1.0.0, 1.0.2
All unaffected versions: 1.0.4, 1.2.0, 1.2.1, 1.2.2, 1.2.3