29 matches found
ruby4.0-rubygem-jquery-rails-4.6.0-1.9 on GA media (moderate)
ruby4.0-rubygem-jquery-rails-4.6.0-1.9 on GA media Announcement ID: openSUSE-SU-2026:10350-1 Rating: moderate Cross-References: CVE-2015-1840 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in th...
OPENSUSE-SU-2026:10350-1 ruby4.0-rubygem-jquery-rails-4.6.0-1.9 on GA media
These are all security issues fixed in the ruby4.0-rubygem-jquery-rails-4.6.0-1.9 package on the GA media of openSUSE Tumbleweed...
EUVD-2017-0163
Malware in sbrugna...
OPENSUSE-SU-2025:15117-1 ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media
These are all security issues fixed in the ruby3.4-rubygem-jquery-rails-4.6.0-1.7 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:14169-1 ruby3.3-rubygem-jquery-rails-4.6.0-1.5 on GA media
These are all security issues fixed in the ruby3.3-rubygem-jquery-rails-4.6.0-1.5 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10512-1 ruby2.2-rubygem-jquery-rails-4.2.1-1.1 on GA media
These are all security issues fixed in the ruby2.2-rubygem-jquery-rails-4.2.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12144-1 ruby3.1-rubygem-jquery-rails-4.5.0-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-jquery-rails-4.5.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11334-1 ruby2.7-rubygem-jquery-rails-4.4.0-1.7 on GA media
These are all security issues fixed in the ruby2.7-rubygem-jquery-rails-4.4.0-1.7 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
GHSA-4WHC-PP4X-9PF3 jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
Design/Logic Flaw
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
DEBIAN-CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
UBUNTU-CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
CVE-2015-1840
CVE-2015-1840 describes a CSRF/XSS-style risk in Rails tooling: jquery_ujs.js and rails.js could cause a CSRF token to be transmitted to a different-domain server when a URL attribute contains a leading space. This bypasses the Same Origin Policy under supported Rails setups (Rails 3.x/4.x with j...
PT-2015-5464
Name of the Vulnerable Software and Affected Versions jquery-rails versions 3.1.3 and earlier, jquery-rails versions 4.x prior to 4.0.4 jquery-ujs versions 1.0.4 and earlier Description The issue allows remote attackers to bypass the Same Origin Policy and trigger transmission of a CSRF token to ...
openSUSE Security Update : rubygem-jquery-rails (openSUSE-2015-501)
rubygem-jquery-rails was updated to fix one security issue. This security issue was fixed : - CVE-2015-1840: CSRF Vulnerability in jquery-ujs and jquery-rails bsc934795. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...