5

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2015-1840

GHSA ID

GHSA-4whc-pp4x-9pf3

EPSS Score

0.54761%

CWE

CWE-200

Published

10/24/2017

Updated

8/25/2023

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2015-1840

CVE-2015-1840: jquery-rails and jquery-ujs subject to Exposure of Sensitive Information

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2015-1840

CVE-2015-1840:

5

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2015-1840

GHSA ID

GHSA-4whc-pp4x-9pf3

EPSS Score

0.54761%

CWE

CWE-200

Published

10/24/2017

Updated

8/25/2023

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
jquery-rails	rubygems	< 3.1.3	3.1.3
jquery-rails	rubygems	>= 4.0.0, < 4.0.4	4.0.4
jquery-ujs	rubygems	< 1.0.4	1.0.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper URL handling in jquery-ujs. When extracting URLs from href/action attributes (via $.rails.href), leading spaces were not trimmed, causing URLs like ' https://attacker.com' to be parsed as relative paths. The cross-domain check ($.rails.isCrossDomain) then incorrectly validated these malformed URLs as same-origin, allowing CSRF token transmission. The patches in jquery-ujs 1.0.4 and jquery-rails 3.1.3/4.0.4 addressed this by adding URL normalization (e.g., trimming whitespace), confirming these functions as the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2015-1840: jquery-rails and jquery-ujs subject to Exposure of Sensitive Information

CVE-2015-1840:

5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5

5

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2015-1840: jquery-rails and jquery-ujs subject to Exposure of Sensitive Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI