PT-2020-21101 · Jquery · Jquery-Ujs

Published

2020-08-31

·

Updated

2020-08-31

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

jquery-ujs versions 1.0.3 and earlier

Description

The issue allows an attacker to cause a user's CSRF token to be sent to an external domain, potentially enabling CSRF attacks. This is possible when an attacker controls the href attribute of an anchor tag or the action attribute of a form tag that triggers a POST action. By prepending a space to the external domain, the attacker causes jQuery to treat the request as same-origin, so the user's CSRF token is sent to the external domain.

Recommendations

Upgrade to version 1.0.4 or later.
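The following is an added illustration of the failure mode described above, not jquery-ujs's or jQuery's own code. A scheme-anchored regex check, modelled on how older jQuery decided whether a URL was same-origin, treats a URL with a leading space as relative (and therefore same-origin); a hardened check that resolves the URL with the WHATWG URL parser, which strips leading whitespace exactly as the browser does before sending the request, classifies it correctly. `PAGE_ORIGIN` and the sample URLs are constructed values.

```javascript
// Constructed example: the page issuing the request lives at this origin.
const PAGE_ORIGIN = "https://app.example/";

// Scheme-anchored pattern modelled on the way older jQuery (1.x/2.x) split a
// URL into scheme, host and port. A URL that does not START with a scheme
// produces no match and is taken to be relative, hence same-origin.
const SCHEME_HOST_PORT = /^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/;

function defaultPort(scheme) {
  return scheme === "http:" ? "80" : "443";
}

// Regex-style classifier (illustration of the weak check, not a library's code).
function isCrossDomainRegex(url, pageUrl = PAGE_ORIGIN) {
  const loc = SCHEME_HOST_PORT.exec(pageUrl.toLowerCase());
  const parts = SCHEME_HOST_PORT.exec(url.toLowerCase());
  // No match means "relative URL" and is reported as same-origin. A leading
  // space defeats the anchored scheme match, so " https://evil.example" lands
  // here even though the browser will strip the space and contact evil.example.
  return !!(parts && (
    parts[1] !== loc[1] ||
    parts[2] !== loc[2] ||
    (parts[3] || defaultPort(parts[1])) !== (loc[3] || defaultPort(loc[1]))
  ));
}

// Hardened classifier: resolve the URL with the WHATWG parser, which applies the
// same leading/trailing whitespace stripping as the browser's request machinery,
// then compare full origins (scheme + host + port).
function isCrossDomainHardened(url, pageUrl = PAGE_ORIGIN) {
  let target;
  try {
    target = new URL(url, pageUrl);
  } catch (e) {
    return true; // unparseable: treat as foreign, never attach the token
  }
  return target.origin !== new URL(pageUrl).origin;
}

// Gate for attaching an X-CSRF-Token header to a remote request.
function shouldAttachCsrfToken(url, classify = isCrossDomainHardened) {
  return !classify(url);
}
```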

Fix

CSRF


Weakness Enumeration

Related Identifiers

GHSA-6QQJ-RX4W-R3CJ

Affected Products

Jquery-Ujs