sidekiq (RubyGems): 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sidekiq
- CVE-2021-30151 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 6.2.1 | 2021-04-06
  vulnerable: 6.0.0 ... 6.2.0 (13 versions)
  Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
- CVE-2022-23837 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 5.2.10 | 2022-01-21
  vulnerable: 0.10.0 ... 5.2.9 (152 versions)
  In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
- CVE-2023-1892 | CRITICAL | CVSS 9.6 | EG 9.6 | Fixed in 7.0.8 | 2023-04-21
  vulnerable: 7.0.4, 7.0.5, 7.0.6, 7.0.7
  Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.
- CVE-2023-26141 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 6.5.10 | 2023-09-14
  vulnerable: 0.10.0 ... 6.5.9 (184 versions)
  Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will…
- CVE-2024-32887 | MEDIUM | CVSS 5.5 | EG 5.5 | Fixed in 7.2.4 | 2024-04-26
  vulnerable: 7.2.0, 7.2.1, 7.2.2, 7.2.3
  Sidekiq is simple, efficient background processing for Ruby. Sidekiq has a reflected XSS vulnerability. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the r…