Description
Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains.
Recommendation
Update the jquery-ujs package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.0.3
- Patched version(s): 1.0.4
References
Related Issues
- Cross-Site Scripting in jquery.json-viewer - jquery.json-viewer - Vulnerability
- Potential XSS vulnerability in jQuery - CVE-2020-11023
- CSRF vulnerability in save-server - CVE-2020-15135
- pym.js CSRF Vulnerability - CVE-2018-1000086
You might also like:
- Tags:
- npm
- jquery-ujs
Anything's wrong? Let us know Last updated on January 09, 2023


