Lookup for vulnerable packages by Package URL.

Purl pkg:npm/jquery-ujs@1.0.3
Type npm
Namespace
Name jquery-ujs
Version 1.0.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.0.4
Latest_non_vulnerable_version 1.0.4
Affected_by_vulnerabilities
0
url VCID-356q-csk2-8ug5
vulnerability_id VCID-356q-csk2-8ug5
summary
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html
3
reference_url http://openwall.com/lists/oss-security/2015/06/16/15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2015/06/16/15
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1840.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1840.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1840
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.46873
published_at 2026-04-11T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.46905
published_at 2026-04-18T12:55:00Z
2
value 0.00238
scoring_system epss
scoring_elements 0.46908
published_at 2026-04-16T12:55:00Z
3
value 0.00238
scoring_system epss
scoring_elements 0.46853
published_at 2026-04-21T12:55:00Z
4
value 0.00238
scoring_system epss
scoring_elements 0.46789
published_at 2026-04-01T12:55:00Z
5
value 0.00238
scoring_system epss
scoring_elements 0.46828
published_at 2026-04-02T12:55:00Z
6
value 0.00238
scoring_system epss
scoring_elements 0.46847
published_at 2026-04-04T12:55:00Z
7
value 0.00238
scoring_system epss
scoring_elements 0.46796
published_at 2026-04-07T12:55:00Z
8
value 0.00238
scoring_system epss
scoring_elements 0.4685
published_at 2026-04-09T12:55:00Z
9
value 0.00238
scoring_system epss
scoring_elements 0.46846
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1840
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840
7
reference_url https://github.com/rails/jquery-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails
8
reference_url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md
9
reference_url https://github.com/rails/jquery-ujs
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/rails/jquery-ujs
10
reference_url https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md
11
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
12
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
13
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
14
reference_url https://hackerone.com/reports/49935
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://hackerone.com/reports/49935
15
reference_url https://web.archive.org/web/20200228084945/http://www.securityfocus.com/bid/75239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228084945/http://www.securityfocus.com/bid/75239
16
reference_url https://www.npmjs.com/package/jquery-ujs
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://www.npmjs.com/package/jquery-ujs
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1233334
reference_id 1233334
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1233334
18
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/15.json
reference_id 15
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/15.json
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790395
reference_id 790395
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790395
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1840
reference_id CVE-2015-1840
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1840
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-1840.yml
reference_id CVE-2015-1840.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-1840.yml
22
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ujs/CVE-2015-1840.yml
reference_id CVE-2015-1840.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ujs/CVE-2015-1840.yml
23
reference_url https://github.com/advisories/GHSA-4whc-pp4x-9pf3
reference_id GHSA-4whc-pp4x-9pf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4whc-pp4x-9pf3
fixed_packages
0
url pkg:npm/jquery-ujs@1.0.4
purl pkg:npm/jquery-ujs@1.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ujs@1.0.4
aliases CVE-2015-1840, GHSA-4whc-pp4x-9pf3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-356q-csk2-8ug5
1
url VCID-x5j5-g553-hudp
vulnerability_id VCID-x5j5-g553-hudp
summary
CSRF Vulnerability in jquery-ujs
Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains.

When an attacker controls the href attribute of an anchor tag, or the action attribute of a form tag triggering a POST action, the attacker can set the href or action to " https://attacker.com". By prepending a space to the external domain, it causes jQuery to consider it a same origin request, resulting in the user's CSRF token being sent to the external domain.


## Recommendation

Upgrade jquery-ujs to version 1.0.4 or later.
references
0
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
1
reference_url https://hackerone.com/reports/49935
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/49935
2
reference_url https://snyk.io/vuln/npm:jquery-ujs:20150624
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:jquery-ujs:20150624
3
reference_url https://www.npmjs.com/advisories/15
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/15
4
reference_url https://github.com/advisories/GHSA-6qqj-rx4w-r3cj
reference_id GHSA-6qqj-rx4w-r3cj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qqj-rx4w-r3cj
fixed_packages
0
url pkg:npm/jquery-ujs@1.0.4
purl pkg:npm/jquery-ujs@1.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ujs@1.0.4
aliases GHSA-6qqj-rx4w-r3cj, GMS-2020-740
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5j5-g553-hudp
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ujs@1.0.3