Lookup for vulnerable packages by Package URL.

Purl pkg:gem/jquery-ujs@1.0.4
Type gem
Namespace
Name jquery-ujs
Version 1.0.4
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-edxa-3wvr-afhe
vulnerability_id VCID-edxa-3wvr-afhe
summary
This description pulled from the rubyonrails-security post.

Reported to NodeSecurity Project by Reed Loden.

CSRF Vulnerability in jquery-ujs and jquery-rails

There is a vulnerability in jquery-ujs and jquery-rails that can be used to
bypass CSP protections and allows attackers to send CSRF tokens to attacker domains.

In the scenario where an attacker might be able to control the href attribute of an anchor tag or
the action attribute of a form tag that will trigger a POST action, the attacker can set the
href or action to " https://attacker.com" (note the leading space) that will be passed to jQuery,
which will see this as a same origin request, and send the user's CSRF token to the attacker domain.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html
3
reference_url http://openwall.com/lists/oss-security/2015/06/16/15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2015/06/16/15
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1840.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1840.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1840
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47729
published_at 2026-06-05T12:55:00Z
1
value 0.00242
scoring_system epss
scoring_elements 0.47665
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1840
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840
7
reference_url https://github.com/rails/jquery-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails
8
reference_url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md
9
reference_url https://github.com/rails/jquery-ujs
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/rails/jquery-ujs
10
reference_url https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md
11
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
12
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
13
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
14
reference_url https://hackerone.com/reports/49935
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://hackerone.com/reports/49935
15
reference_url https://web.archive.org/web/20200228084945/http://www.securityfocus.com/bid/75239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228084945/http://www.securityfocus.com/bid/75239
16
reference_url https://www.npmjs.com/package/jquery-ujs
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://www.npmjs.com/package/jquery-ujs
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1233334
reference_id 1233334
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1233334
18
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/15.json
reference_id 15
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/15.json
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790395
reference_id 790395
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790395
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1840
reference_id CVE-2015-1840
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1840
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-1840.yml
reference_id CVE-2015-1840.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-1840.yml
22
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ujs/CVE-2015-1840.yml
reference_id CVE-2015-1840.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ujs/CVE-2015-1840.yml
23
reference_url https://github.com/advisories/GHSA-4whc-pp4x-9pf3
reference_id GHSA-4whc-pp4x-9pf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4whc-pp4x-9pf3
fixed_packages
0
url pkg:gem/jquery-ujs@1.0.4
purl pkg:gem/jquery-ujs@1.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/jquery-ujs@1.0.4
aliases CVE-2015-1840, GHSA-4whc-pp4x-9pf3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edxa-3wvr-afhe
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/jquery-ujs@1.0.4