CVE-2015-1840: jquery-rails and jquery-ujs subject to Exposure of Sensitive Information

CVSS Score: 5

Basic Information

EPSS Score: 0.54761%
Published: 10/24/2017
Updated: 8/25/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| jquery-rails | rubygems | < 3.1.3 | 3.1.3 |
| jquery-rails | rubygems | >= 4.0.0, < 4.0.4 | 4.0.4 |
| jquery-ujs | rubygems | < 1.0.4 | 1.0.4 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper URL handling in jquery-ujs. When extracting URLs from href/action attributes (via $.rails.href), leading spaces were not trimmed, causing URLs like ' https://attacker.com' to be parsed as relative paths. The cross-domain check ($.rails.isCrossDomain) then incorrectly validated these malformed URLs as same-origin, allowing CSRF token transmission. The patches in jquery-ujs 1.0.4 and jquery-rails 3.1.3/4.0.4 addressed this by adding URL normalization (e.g., trimming whitespace), confirming these functions as the root cause.
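The mismatch described above, modelled as an added example (not code from jquery-ujs or jquery-rails): a check that treats an untrimmed value as a relative path, next to one that trims and resolves the URL before comparing origins. The function names and the `app.example` origin are assumptions made for the illustration.

```javascript
// Added illustration: a simplified model of the flaw, not jquery-ujs source.
const PAGE_ORIGIN = 'https://app.example'; // constructed origin of the Rails app

// Flawed check: a string with no scheme at index 0 is assumed to be a
// relative path, so a leading space makes an absolute URL look same-origin.
function naiveIsCrossDomain(url) {
  const m = /^([\w.+-]+:)\/\/([^\/?#]*)/.exec(url);
  if (!m) return false;
  return `${m[1]}//${m[2]}` !== PAGE_ORIGIN;
}

// Hardened check: trim, resolve against the page the way the browser will
// (the WHATWG URL parser also strips leading/trailing spaces), compare origins.
function strictIsCrossDomain(url) {
  try {
    return new URL(String(url).trim(), PAGE_ORIGIN + '/').origin !== PAGE_ORIGIN;
  } catch {
    return true; // unparseable: fail closed, withhold the token
  }
}

// Host the request is actually sent to once the URL is resolved.
function resolvedHost(url) {
  return new URL(url, PAGE_ORIGIN + '/').host;
}

// Constructed sample href/action values; the last is the case from the analysis.
const SAMPLES = ['/posts/1', 'https://app.example/posts/1',
  'https://attacker.com/', ' https://attacker.com'];

// For each sample: where it goes, and whether each check would attach the token.
function audit() {
  return SAMPLES.map((url) => ({
    url,
    host: resolvedHost(url),
    naiveSendsToken: !naiveIsCrossDomain(url),
    strictSendsToken: !strictIsCrossDomain(url),
  }));
}

console.table(audit());
```

Only the last row differs between the two checks: the request resolves to the foreign host, yet the untrimmed comparison still attaches the token.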
