MEDIUM 6.1 RubyGems
Cross-site Scripting in Sidekiq
GHSA-grh7-935j-hg6w · CVE-2021-30151
Published · Modified
Description
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-30151
- WEB https://github.com/mperham/sidekiq/issues/4852
- WEB https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
- PACKAGE https://github.com/mperham/sidekiq
- WEB https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html