Search for vulnerabilities
Vulnerability details: VCID-zvqa-f2mq-aaaq
Vulnerability ID VCID-zvqa-f2mq-aaaq
Aliases CVE-2015-1840
GHSA-4whc-pp4x-9pf3
Summary Moderate severity vulnerability that affects jquery-rails and jquery-ujs
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (6)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
CWE-201 Insertion of Sensitive Information Into Sent Data
System Score Found at
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html
generic_textual MODERATE http://openwall.com/lists/oss-security/2015/06/16/15
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1840.html
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.00987 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.04987 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.04987 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.04987 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
epss 0.04987 https://api.first.org/data/v1/epss?cve=CVE-2015-1840
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1233334
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4whc-pp4x-9pf3
cvssv3 6.5 https://github.com/nodejs/security-wg/blob/main/vuln/npm/15.json
generic_textual MODERATE https://github.com/rails/jquery-rails
generic_textual MODERATE https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md
cvssv3 6.5 https://github.com/rails/jquery-ujs
generic_textual MODERATE https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md
generic_textual MODERATE https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
cvssv3 6.5 https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
cvssv3.1 6.5 https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
generic_textual MODERATE https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
generic_textual MODERATE https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
cvssv3 6.5 https://hackerone.com/reports/49935
cvssv3.1 6.5 https://hackerone.com/reports/49935
generic_textual MODERATE https://hackerone.com/reports/49935
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2015-1840
generic_textual MODERATE https://web.archive.org/web/20200228084945/http://www.securityfocus.com/bid/75239
cvssv3 6.5 https://www.npmjs.com/package/jquery-ujs
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160906.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161043.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00041.html
http://openwall.com/lists/oss-security/2015/06/16/15
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1840.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1840.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1840
https://github.com/rails/jquery-rails
https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md
https://github.com/rails/jquery-ujs
https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
https://hackerone.com/reports/49935
https://web.archive.org/web/20200228084945/http://www.securityfocus.com/bid/75239
https://www.npmjs.com/package/jquery-ujs
http://www.securityfocus.com/bid/75239
1233334 https://bugzilla.redhat.com/show_bug.cgi?id=1233334
15 https://github.com/nodejs/security-wg/blob/main/vuln/npm/15.json
790395 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790395
cpe:2.3:a:rubyonrails:jquery-rails:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:jquery-rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:jquery-rails:4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:jquery-rails:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:jquery-rails:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:jquery-rails:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:jquery-ujs:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:jquery-ujs:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVE-2015-1840 https://nvd.nist.gov/vuln/detail/CVE-2015-1840
CVE-2015-1840.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ujs/CVE-2015-1840.yml
GHSA-4whc-pp4x-9pf3 https://github.com/advisories/GHSA-4whc-pp4x-9pf3
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://hackerone.com/reports/49935
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-1840
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.53908
EPSS Score 0.00314
Published At May 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.