Description

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
Overall state of this security issue: Pending
This issue is currently rated as having moderate severity.
- openSUSE-SU-2015:1260-1, published Fri, 17 Jul 2015 17:08:21 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 13.1|| ||Patchnames:|
|openSUSE Tumbleweed|| ||Patchnames: openSUSE Tumbleweed GA ruby2.2-rubygem-jquery-rails|