Veracode Vulnerability Database, VERACODE:25454
History: May 20, 2020 - 12:09 a.m.

Cross-Site Request Forgery (CSRF)

2020-05-20 00:09:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

EPSS: 0.003
Percentile: 70.2%

@rails/ujs is vulnerable to cross-site request forgery (CSRF). The same-origin header in XMLHttpRequest requests is not validated before the CSRF token is included, potentially allowing remote attackers to submit requests on behalf of the user.