Search criteria
12 vulnerabilities found for sidekiq by contribsys
CVE-2023-46951 (GCVE-0-2023-46951)
Vulnerability from nvd – Published: 2024-03-01 00:00 – Updated: 2025-04-22 15:45
VLAI?
Summary
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sidekiq",
"vendor": "contribsys",
"versions": [
{
"status": "affected",
"version": "v.6.5.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46951",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T21:01:21.190541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:45:39.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:21.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.link.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://link.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:20:49.803Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.link.com"
},
{
"url": "https://link.org"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7"
},
{
"url": "https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46951",
"datePublished": "2024-03-01T00:00:00.000Z",
"dateReserved": "2023-10-30T00:00:00.000Z",
"dateUpdated": "2025-04-22T15:45:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46950 (GCVE-0-2023-46950)
Vulnerability from nvd – Published: 2024-03-01 00:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:21.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.link.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://link.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sidekiq",
"vendor": "contribsys",
"versions": [
{
"status": "affected",
"version": "6.5.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:06:13.214798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:08:14.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T19:57:04.342263",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7"
},
{
"url": "https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46950",
"datePublished": "2024-03-01T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-16T19:57:04.342263",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26141 (GCVE-0-2023-26141)
Vulnerability from nvd – Published: 2023-09-14 05:00 – Updated: 2024-09-25 18:16
VLAI?
Summary
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Severity ?
CWE
- CWE-400 - Denial of Service (DoS)
Assigner
References
Credits
Keegan Parr
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sidekiq",
"vendor": "contribsys",
"versions": [
{
"lessThan": "6.5.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.1.3",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:12:16.582418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:16:01.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sidekiq",
"vendor": "n/a",
"versions": [
{
"lessThan": "7.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keegan Parr"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-14T05:00:00.986Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107"
},
{
"url": "https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a"
},
{
"url": "https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6"
},
{
"url": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26141",
"datePublished": "2023-09-14T05:00:00.986Z",
"dateReserved": "2023-02-20T10:28:48.926Z",
"dateUpdated": "2024-09-25T18:16:01.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1892 (GCVE-0-2023-1892)
Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2025-02-10 19:45
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in sidekiq/sidekiq
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sidekiq | sidekiq/sidekiq |
Affected:
7.0.4 , < unspecified
(custom)
Affected: unspecified , < 7.0.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1892",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T19:45:49.620050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T19:45:53.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sidekiq/sidekiq",
"vendor": "sidekiq",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.0.4",
"versionType": "custom"
},
{
"lessThan": "7.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777"
},
{
"url": "https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214"
}
],
"source": {
"advisory": "e35e5653-c429-4fb8-94a3-cbc123ae4777",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in sidekiq/sidekiq"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1892",
"datePublished": "2023-04-05T00:00:00.000Z",
"dateReserved": "2023-04-05T00:00:00.000Z",
"dateUpdated": "2025-02-10T19:45:53.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23837 (GCVE-0-2022-23837)
Vulnerability from nvd – Published: 2022-01-21 00:00 – Updated: 2024-08-03 03:51
VLAI?
Summary
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubysec/ruby-advisory-db/pull/495"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956"
},
{
"url": "https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/pull/495"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23837",
"datePublished": "2022-01-21T00:00:00",
"dateReserved": "2022-01-21T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30151 (GCVE-0-2021-30151)
Vulnerability from nvd – Published: 2021-04-06 00:00 – Updated: 2024-08-03 22:24
VLAI?
Summary
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mperham/sidekiq/issues/4852"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mperham/sidekiq/issues/4852"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30151",
"datePublished": "2021-04-06T00:00:00",
"dateReserved": "2021-04-06T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46951 (GCVE-0-2023-46951)
Vulnerability from cvelistv5 – Published: 2024-03-01 00:00 – Updated: 2025-04-22 15:45
VLAI?
Summary
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sidekiq",
"vendor": "contribsys",
"versions": [
{
"status": "affected",
"version": "v.6.5.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46951",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T21:01:21.190541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:45:39.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:21.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.link.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://link.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:20:49.803Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.link.com"
},
{
"url": "https://link.org"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7"
},
{
"url": "https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46951",
"datePublished": "2024-03-01T00:00:00.000Z",
"dateReserved": "2023-10-30T00:00:00.000Z",
"dateUpdated": "2025-04-22T15:45:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46950 (GCVE-0-2023-46950)
Vulnerability from cvelistv5 – Published: 2024-03-01 00:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:21.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.link.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://link.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sidekiq",
"vendor": "contribsys",
"versions": [
{
"status": "affected",
"version": "6.5.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:06:13.214798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:08:14.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T19:57:04.342263",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7"
},
{
"url": "https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951"
},
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46950",
"datePublished": "2024-03-01T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-16T19:57:04.342263",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26141 (GCVE-0-2023-26141)
Vulnerability from cvelistv5 – Published: 2023-09-14 05:00 – Updated: 2024-09-25 18:16
VLAI?
Summary
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Severity ?
CWE
- CWE-400 - Denial of Service (DoS)
Assigner
References
Credits
Keegan Parr
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sidekiq",
"vendor": "contribsys",
"versions": [
{
"lessThan": "6.5.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.1.3",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:12:16.582418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:16:01.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sidekiq",
"vendor": "n/a",
"versions": [
{
"lessThan": "7.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keegan Parr"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-14T05:00:00.986Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107"
},
{
"url": "https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a"
},
{
"url": "https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6"
},
{
"url": "https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26141",
"datePublished": "2023-09-14T05:00:00.986Z",
"dateReserved": "2023-02-20T10:28:48.926Z",
"dateUpdated": "2024-09-25T18:16:01.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1892 (GCVE-0-2023-1892)
Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2025-02-10 19:45
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in sidekiq/sidekiq
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sidekiq | sidekiq/sidekiq |
Affected:
7.0.4 , < unspecified
(custom)
Affected: unspecified , < 7.0.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1892",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T19:45:49.620050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T19:45:53.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sidekiq/sidekiq",
"vendor": "sidekiq",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.0.4",
"versionType": "custom"
},
{
"lessThan": "7.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777"
},
{
"url": "https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214"
}
],
"source": {
"advisory": "e35e5653-c429-4fb8-94a3-cbc123ae4777",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in sidekiq/sidekiq"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1892",
"datePublished": "2023-04-05T00:00:00.000Z",
"dateReserved": "2023-04-05T00:00:00.000Z",
"dateUpdated": "2025-02-10T19:45:53.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23837 (GCVE-0-2022-23837)
Vulnerability from cvelistv5 – Published: 2022-01-21 00:00 – Updated: 2024-08-03 03:51
VLAI?
Summary
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubysec/ruby-advisory-db/pull/495"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956"
},
{
"url": "https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/pull/495"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23837",
"datePublished": "2022-01-21T00:00:00",
"dateReserved": "2022-01-21T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30151 (GCVE-0-2021-30151)
Vulnerability from cvelistv5 – Published: 2021-04-06 00:00 – Updated: 2024-08-03 22:24
VLAI?
Summary
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mperham/sidekiq/issues/4852"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mperham/sidekiq/issues/4852"
},
{
"name": "[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30151",
"datePublished": "2021-04-06T00:00:00",
"dateReserved": "2021-04-06T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}