RSS   Vulnerabilities for 'Jquery-ujs'   RSS

2015-07-26
 
CVE-2015-1840

CWE-200
 

 
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.

 

 >>> Vendor: Rubyonrails 12 Products
Ruby on rails
Rails
Ruby on ra2000ils
Jquery-rails
Jquery-ujs
Web console
Html sanitizer
Active job
Active storage
Actionview
Actionpack page-caching
Active resource


Copyright 2024, cxsecurity.com

 

Back to Top