Lucene search
K

15 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/03/16 12:0 a.m.4 views

ruby4.0-rubygem-jquery-rails-4.6.0-1.9 on GA media (moderate)

ruby4.0-rubygem-jquery-rails-4.6.0-1.9 on GA media Announcement ID: openSUSE-SU-2026:10350-1 Rating: moderate Cross-References: CVE-2015-1840 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in th...

5CVSS5.8AI score0.04397EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/06/02 5:53 p.m.50 views

CVE-2020-8167

A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity...

5CVSS7.7AI score0.04397EPSS
Exploits2References4
RubySec
RubySec
added 2020/05/18 12:0 a.m.31 views

CSRF Vulnerability in rails-ujs

There is an vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor ta...

6.5CVSS2AI score0.04397EPSS
Exploits2References1Affected Software1
Hacker One
Hacker One
added 2016/12/09 4:27 p.m.32 views

Ruby on Rails: CSRF header is sent to external websites when using data-remote forms

Looks like there is a regression in the fix for CVE-2015-1840 H1 report. The origin isn't being checked before adding a CSRF header to data-remote forms. I noticed this when checking out the new rails-ujs repo. Example Rails template: submit Example http://attacker.com app require "sinatra" optio...

5CVSS7.9AI score0.04397EPSS
Exploits2
NVD
NVD
added 2015/07/26 10:59 p.m.25 views

CVE-2015-1840

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

5CVSS6.5AI score0.04397EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2015/07/26 10:59 p.m.37 views

CVE-2015-1840

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

5CVSS6.9AI score0.04397EPSS
Exploits1References1
CVE
CVE
added 2015/07/26 10:0 p.m.134 views

CVE-2015-1840

CVE-2015-1840 describes a CSRF/XSS-style risk in Rails tooling: jquery_ujs.js and rails.js could cause a CSRF token to be transmitted to a different-domain server when a URL attribute contains a leading space. This bypasses the Same Origin Policy under supported Rails setups (Rails 3.x/4.x with j...

5CVSS6.2AI score0.04397EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2015/07/26 10:0 p.m.35 views

CVE-2015-1840

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

6.3AI score0.04397EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2015/07/26 10:0 p.m.27 views

CVE-2015-1840

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

5CVSS6.3AI score0.04397EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/07/20 12:0 a.m.32 views

openSUSE Security Update : rubygem-jquery-rails (openSUSE-2015-501)

rubygem-jquery-rails was updated to fix one security issue. This security issue was fixed : - CVE-2015-1840: CSRF Vulnerability in jquery-ujs and jquery-rails bsc934795. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

5CVSS7AI score0.04397EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/07/07 12:0 a.m.30 views

Fedora Update for rubygem-jquery-rails FEDORA-2015-10258

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.04397EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/06/30 12:0 a.m.34 views

Fedora 21 : rubygem-jquery-rails-3.1.0-3.fc21 (2015-10144)

Security fix for CVE-2015-1840 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

5CVSS7AI score0.04397EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2015/06/30 12:0 a.m.32 views

Fedora 22 : rubygem-jquery-rails-3.1.0-3.fc22 (2015-10258)

Security fix for CVE-2015-1840 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

5CVSS7AI score0.04397EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2015/06/30 12:0 a.m.34 views

Fedora Update for rubygem-jquery-rails FEDORA-2015-10144

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.04397EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/06/18 12:0 a.m.72 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (eb8a8978-8dd5-49ce-87f4-49667b2166dd)

Ruby on Rails blog : Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

5CVSS6.1AI score0.44984EPSS
Exploits7References7
Rows per page
Query Builder