Description
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 4.0.5-1 |
| cosmic | not-affected | 4.0.5-1 |
| devel | not-affected | 4.0.5-1 |
| disco | not-affected | 4.0.5-1 |
| esm-apps/bionic | not-affected | 4.0.5-1 |
| esm-apps/xenial | not-affected | 4.0.5-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | DNE | |
| precise/esm | DNE | |
Source links
EPSS
5 Medium
CVSS2
Related vulnerabilities
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information