Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby on Rails jquery-ujs and jquery-rails Permissions, Privileges, and Access Controls Vulnerability
Vulnerability Description
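Ruby on Rails (Rails) is an open-source web application framework based on the Ruby language, developed and maintained by the Rails core team; it was extracted by David Heinemeier Hansson from Basecamp, the project management tool of the US company 37signals. jquery-ujs is one of its script support files; jquery-rails is a plugin that provides the jQuery and jQuery-ujs drivers for Rails 4+ applications. The rails.js file in jquery-ujs and the jquery_ujs.js file in jquery-rails, as used in Ruby on Rails, contain a security vulnerability.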
CVSS Information
N/A
Vulnerability Type
N/A