CSRF Vulnerability in jquery-ujs

Severity:: Medium

Description

Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains.

Recommendation

Update the jquery-ujs package to the latest compatible version. Followings are version details:

Affected version(s): <= 1.0.3
Patched version(s): 1.0.4

References

GHSA-6qqj-rx4w-r3cj
hackerone.com
groups.google.com
www.npmjs.com
snyk.io
CWE-352
OWASP 2021-A1

Related Issues

Command Injection Vulnerability - CVE-2021-21315
Cloudera HUE Account Enumeration - CVE-2016-4947
Cross-Site Scripting in exceljs - CVE-2018-16459
Sensitive data exposure in NATS - CVE-2020-26149

Tags:: npm; jquery-ujs

Anything's wrong? Let us know Last updated on January 09, 2023

CSRF Vulnerability in jquery-ujs

Description

Recommendation

References

Related Issues

This issue is available in SmartScanner Professional