We had run a scan after upgrading the csrfguard library to version 4.3.0 and found the vulnerability below, with severity 5.4.
It also reported that there is no non-vulnerable version of this component.
Explanation
The csrfguard package is vulnerable to Cross-Site Request Forgery (CSRF). The isValidUrl method in csrfguard.js uses an insecure string-matching technique. Consequently, an attacker could exploit this vulnerability to cause tokens to leak in links to external (attacker-controlled) domains.
Version Affected
[3.1.0,4.4.0]
CVSS Details
Sonatype CVSS 3 : 5.4
CVSS Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
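
An added example, not part of the original post and not csrfguard's code: the report does not say which string-matching technique `isValidUrl` uses, so this sketch assumes a prefix comparison and contrasts it with comparing parsed origins. The function names, hosts and sample links are constructed for illustration.

```javascript
// Illustration only: NOT the csrfguard.js source. The weak check below is an
// assumed prefix match; the report only says "insecure string-matching".
const PAGE_URL = "https://app.example.test/home"; // constructed page location

// Assumed weak form: a link is "ours" if its text starts with our origin.
function isValidUrlByPrefix(link, pageUrl) {
  return link.startsWith(new URL(pageUrl).origin);
}

// Hardened form: resolve the link as the browser would, then compare origins.
function isValidUrlByOrigin(link, pageUrl) {
  let target;
  try {
    target = new URL(link, pageUrl); // resolves relative links too
  } catch {
    return false; // unparseable: never attach a token
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") return false;
  return target.origin === new URL(pageUrl).origin;
}

// Returns links that the weak check would tag with a token although they
// resolve to a different origin, i.e. where the token would leave the site.
function findTokenLeaks(links, pageUrl) {
  return links.filter(
    (l) => isValidUrlByPrefix(l, pageUrl) && !isValidUrlByOrigin(l, pageUrl)
  );
}

// Constructed sample links (reserved .test / .example names).
const SAMPLE_LINKS = [
  "https://app.example.test/account",          // same origin
  "/settings",                                 // relative, same origin
  "https://app.example.test.other.example/x",  // our origin is only a prefix of the host
  "https://app.example.test@other.example/x",  // our host sits in the userinfo part
  "https://other.example/",                    // plainly external
];

console.log(findTokenLeaks(SAMPLE_LINKS, PAGE_URL));
```

The two links it reports are useful regression cases for whatever URL check the deployed csrfguard.js version applies before attaching a token.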