Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-1840HistoryJul 26, 2015 - 10:59 p.m.
CVE-2015-1840
2015-07-2622:59:00
Debian Security Bug Tracker
security-tracker.debian.org
9
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.6%
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | ruby-jquery-rails | < 4.0.4-1 | ruby-jquery-rails_4.0.4-1_all.deb |
| Debian | 11 | all | ruby-jquery-rails | < 4.0.4-1 | ruby-jquery-rails_4.0.4-1_all.deb |
| Debian | 10 | all | ruby-jquery-rails | < 4.0.4-1 | ruby-jquery-rails_4.0.4-1_all.deb |
| Debian | 999 | all | ruby-jquery-rails | < 4.0.4-1 | ruby-jquery-rails_4.0.4-1_all.deb |
| Debian | 13 | all | ruby-jquery-rails | < 4.0.4-1 | ruby-jquery-rails_4.0.4-1_all.deb |
Related
openvas
openvas
Fedora Update for rubygem-jquery-rails FEDORA-2015-10144
2015-06-30 00:00:00
Fedora Update for rubygem-jquery-rails FEDORA-2015-10258
2015-07-07 00:00:00
github
github
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
2017-10-24 18:33:36
CSRF Vulnerability in rails-ujs
2020-07-07 16:34:10
nodejs
nodejs
CSRF Vulnerability
2015-10-17 19:41:46
prion
prion
Design/Logic Flaw
2015-07-26 22:59:00
osv
osv
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
2017-10-24 18:33:36
CSRF Vulnerability in rails-ujs
2020-07-07 16:34:10
nessus
nessus
openSUSE Security Update : rubygem-jquery-rails (openSUSE-2015-501)
2015-07-20 00:00:00
Fedora 21 : rubygem-jquery-rails-3.1.0-3.fc21 (2015-10144)
2015-06-30 00:00:00
Fedora 22 : rubygem-jquery-rails-3.1.0-3.fc22 (2015-10258)
2015-06-30 00:00:00
ubuntucve
ubuntucve
CVE-2015-1840
2015-07-26 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: rubygem-jquery-rails-3.1.0-3.fc21
2015-06-30 00:18:18
[SECURITY] Fedora 22 Update: rubygem-jquery-rails-3.1.0-3.fc22
2015-06-30 00:04:16
cve
cve
CVE-2015-1840
2015-07-26 22:59:00
rubygems
rubygems
CSRF Vulnerability in rails-ujs
2020-05-17 21:00:00
CSRF Vulnerability in jquery-rails
2015-06-15 21:00:00
CSRF Vulnerability in jquery-ujs
2015-06-15 21:00:00
hackerone
hackerone
redhatcve
redhatcve
CVE-2020-8167
2020-06-02 17:53:07
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2015-06-16 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.6%
Related for DEBIANCVE:CVE-2015-1840