Oval Definition:oval:org.opensuse.security:def:20151840
Revision Date:2022-06-30Version:1
Title:CVE-2015-1840
Description:

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2015-1840
Mitre CVE-2015-1840
SUSE CVE-2015-1840
openSUSE-SU-2015:1260-1
Platform(s):openSUSE 13.1
openSUSE 13.2
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE 13.1 is installed
  • AND Package Information
  • rubygem-jquery-rails-3.0.4-2.3.1 is installed
  • OR rubygem-jquery-rails-doc-3.0.4-2.3.1 is installed
    • Definition Synopsis
  • openSUSE 13.2 is installed
  • AND Package Information
  • rubygem-jquery-rails-3.1.1-2.3.1 is installed
  • OR rubygem-jquery-rails-doc-3.1.1-2.3.1 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ruby2.2-rubygem-jquery-rails-4.2.1-1.1 is installed
  • OR ruby2.2-rubygem-jquery-rails-doc-4.2.1-1.1 is installed
  • OR ruby2.2-rubygem-jquery-rails-testsuite-4.2.1-1.1 is installed
  • OR ruby2.3-rubygem-jquery-rails-4.2.1-1.1 is installed
  • OR ruby2.3-rubygem-jquery-rails-doc-4.2.1-1.1 is installed
  • OR ruby2.3-rubygem-jquery-rails-testsuite-4.2.1-1.1 is installed
  • OR ruby2.7-rubygem-jquery-rails-4.4.0-1.7 is installed
  • OR ruby3.0-rubygem-jquery-rails-4.4.0-1.7 is installed
  • OR ruby3.1-rubygem-jquery-rails-4.5.0-1.1 is installed
    • BACK