Cross-site Request Forgery (CSRF)

Affecting jquery-ujs package, versions <= 1.0.3

Overview

CSRF Vulnerability in jquery-ujs and jquery-rails. There is a vulnerability in jquery-ujs and jquery-rails that can be used to bypass CSP protections and allows attackers to send CSRF tokens to attacker domains.

Source: Node Security Project

Details

In the scenario where an attacker can control the href attribute of an anchor tag or the action attribute of a form tag that triggers a POST, the attacker can set the href or action to " https://attacker.com" (note the leading space). That value is passed to jQuery, which treats it as a same-origin request and therefore sends the user's CSRF token to the attacker domain.
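The parsing discrepancy behind this advisory, as an added example that is not jquery-ujs's or jQuery's code: a regex-based protocol/host extractor in the style used by AJAX libraries of the period fails to match a URL with a leading space, so the request is classified as same-origin and the token is attached, whereas a WHATWG URL parser strips the whitespace and recognises the foreign origin. The regex, the page URL `https://app.example/account` and the function names are assumptions made for this illustration.

```javascript
// Added example (not jquery-ujs or jQuery code). Models the same-origin
// decision that gates whether the X-CSRF-Token header is attached.

// Regex-style protocol/host extractor (assumption: modelled on the era's
// AJAX libraries). Anchored at ^, so a leading space makes it fail to match.
const RURL = /^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/;

// Vulnerable pattern: an unparseable URL is treated as relative and hence
// same-origin, so " https://attacker.example" is NOT flagged as cross-domain.
function naiveIsCrossDomain(url, pageHref) {
  const target = RURL.exec(url.toLowerCase());
  if (!target) return false;                // no match -> assumed same-origin
  const page = RURL.exec(pageHref.toLowerCase());
  return target[1] !== page[1] || target[2] !== page[2];
}

// Hardened pattern: resolve against the page URL with the WHATWG parser,
// which trims leading/trailing whitespace, and compare full origins.
// Anything unparseable is treated as cross-domain (fail closed).
function isCrossDomain(url, pageHref) {
  let target;
  try {
    target = new URL(url, pageHref);
  } catch (e) {
    return true;
  }
  return target.origin !== new URL(pageHref).origin;
}

// Token is only attached to requests judged same-origin.
function shouldAttachCsrfToken(url, pageHref, useNaiveCheck = false) {
  const check = useNaiveCheck ? naiveIsCrossDomain : isCrossDomain;
  return !check(url, pageHref);
}

const PAGE = 'https://app.example/account';          // constructed page URL
const HOSTILE = ' https://attacker.example';          // note the leading space
console.log('naive attaches token:', shouldAttachCsrfToken(HOSTILE, PAGE, true));   // true
console.log('hardened attaches token:', shouldAttachCsrfToken(HOSTILE, PAGE));      // false
console.log('hardened, relative URL:', shouldAttachCsrfToken('/account/update', PAGE)); // true
```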

Remediation

Upgrade to the latest version.

References

CVSS Score

6.5
medium severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    Low
  • Integrity
    Low
  • Availability
    None
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Credit
Ben Toews of GitHub
CVE
CVE-2015-1840
CWE
CWE-352
Snyk ID
npm:jquery-ujs:20150624
Disclosed
24 Jun, 2015
Published
24 Jun, 2015