GCVE - cpe:2.3:a:rubyonrails:jquery-ujs:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:rubyonrails:jquery-ujs:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Rubyonrails (`a0962337-0e2d-518c-b84b-f2864721d062`)
Product	Jquery Ujs (`51c5e949-1897-5403-81c3-f5e8485314cb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/node-jquery-ujs`	purl2cpe	2026-06-01 10:11:28.050888
`pkg:deb/ubuntu/node-jquery-ujs`	purl2cpe	2026-06-01 10:11:28.050891
`pkg:gem/jquery-rails`	purl2cpe	2026-06-01 10:11:28.050894
`pkg:github/rails/jquery-rails`	purl2cpe	2026-06-01 10:11:28.050897
`pkg:maven/org.webjars.npm/jquery-ujs`	purl2cpe	2026-06-01 10:11:28.050900

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-1840`	vulnerable	2026-06-03 14:34:40.254613	Details available jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value. Published: 2015-07-26T22:00:00.000Z Updated: 2024-08-06T04:54:16.349Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html http://openwall.com/lists/oss-security/2015/06/16/15 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.