VDB
DEBIAN-CVE-2015-1840
DEBIAN-CVE-2015-1840
PUBLISHED
CVSS 5.099999904632568 MEDIUM
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
Risk Scores
CVSS v4.0
5.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | ruby-jquery-rails | 0, 0, 0 |
| Debian:14 | ruby-jquery-rails | 0, 0, 0 |
| Debian:12 | ruby-jquery-rails | 0, 0, 0 |
| Debian:11 | ruby-jquery-rails | 0, 0, 0 |
Timeline
- Jul 26, 2015 CVE Published
- Apr 28, 2026 CVE Updated