Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/jquery-ujs@1.0.2
purl pkg:npm/jquery-ujs@1.0.2
Next non-vulnerable version 1.0.4
Latest non-vulnerable version 1.0.4
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-k1jn-jwbx-qya1
Aliases:
GMS-2015-14
CSRF vulnerability In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the nhref or action to " https://attacker.com" (note the leading space) that will be passed to JQuery, who will see this as a same origin request, and send the user's CSRF token to the attacker domain.
1.0.4
Affected by 0 other vulnerabilities.
VCID-x5j5-g553-hudp
Aliases:
GHSA-6qqj-rx4w-r3cj
GMS-2020-740
CSRF Vulnerability in jquery-ujs Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains. When an attacker controls the href attribute of an anchor tag, or the action attribute of a form tag triggering a POST action, the attacker can set the href or action to " https://attacker.com". By prepending a space to the external domain, it causes jQuery to consider it a same origin request, resulting in the user's CSRF token being sent to the external domain. ## Recommendation Upgrade jquery-ujs to version 1.0.4 or later.
1.0.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:06:50.010853+00:00 GitLab Importer Affected by VCID-x5j5-g553-hudp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ujs/GMS-2020-740.yml 38.4.0
2026-04-16T20:32:31.229079+00:00 GitLab Importer Affected by VCID-k1jn-jwbx-qya1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ujs/GMS-2015-14.yml 38.4.0
2026-04-11T22:18:25.550688+00:00 GitLab Importer Affected by VCID-x5j5-g553-hudp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ujs/GMS-2020-740.yml 38.3.0
2026-04-11T21:42:54.971420+00:00 GitLab Importer Affected by VCID-k1jn-jwbx-qya1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ujs/GMS-2015-14.yml 38.3.0
2026-04-02T22:30:26.477182+00:00 GitLab Importer Affected by VCID-x5j5-g553-hudp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ujs/GMS-2020-740.yml 38.1.0
2026-04-02T21:57:04.433085+00:00 GitLab Importer Affected by VCID-k1jn-jwbx-qya1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ujs/GMS-2015-14.yml 38.1.0
2026-04-01T16:14:16.062496+00:00 GitLab Importer Affected by VCID-k1jn-jwbx-qya1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ujs/GMS-2015-14.yml 38.0.0