CVE-2015-1840

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:rubyonrails:jquery-rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:jquery-rails:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:jquery-rails:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:jquery-ujs:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-07-26 22:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-1840

Mitre link : CVE-2015-1840

CVE.ORG link : CVE-2015-1840


JSON object : View

Products Affected

opensuse

  • opensuse

rubyonrails

  • jquery-ujs
  • jquery-rails

fedoraproject

  • fedora
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor