GHSA-fhx8-5c23-x7x5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fhx8-5c23-x7x5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-fhx8-5c23-x7x5/GHSA-fhx8-5c23-x7x5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fhx8-5c23-x7x5
- Aliases
-
- CVE-2023-46950
- Published
- 2024-03-01T15:31:37Z
- Modified
- 2024-09-17T22:35:05.553708Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Cross Site Scripting vulnerability in Contribsys Sidekiq
- Details
-
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
- Database specific
{ "nvd_published_at": "2024-03-01T14:15:53Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-09-16T22:28:01Z" }- References
-
- https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38
- https://nvd.nist.gov/vuln/detail/CVE-2023-46950
- https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829
- https://github.com/mhenrixon/sidekiq-unique-jobs/commit/cd09ba6108f98973b6649a6149790c3d4502b4cc
- https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed
- https://github.com/mhenrixon/sidekiq-unique-jobs
- https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sidekiq-unique-jobs/CVE-2023-46950.yml
- https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951
Affected packages
RubyGems / sidekiq-unique-jobs
Package
- Name
- sidekiq-unique-jobs
- Purl
- pkg:gem/sidekiq-unique-jobs
RubyGems / sidekiq-unique-jobs
Package
- Name
- sidekiq-unique-jobs
- Purl
- pkg:gem/sidekiq-unique-jobs
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.1.33
Affected versions
2.*
2.1.0
2.2.0
2.2.1
2.3.2
2.6.5
2.6.6
2.6.7
2.7.0
2.7.1
3.*
3.0.0
3.0.1
3.0.2
3.0.5
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
4.*
4.0.0
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.15
4.0.16
4.0.17
4.0.18
5.*
5.0.0
5.0.1
5.0.2
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
6.*
6.0.0.rc1
6.0.0.rc2
6.0.0.rc3
6.0.0.rc4
6.0.0.rc5
6.0.0.rc6
6.0.0.rc7
6.0.0.rc8
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.0.11
6.0.12
6.0.13
6.0.16
6.0.19
6.0.20
6.0.21
6.0.22
6.0.23
6.0.24
6.0.25
7.*
7.0.0.beta2
7.0.0.beta3
7.0.0.beta4
7.0.0.beta5
7.0.0.beta6
7.0.0.beta7
7.0.0.beta8
7.0.0.beta9
7.0.0.beta10
7.0.0.beta11
7.0.0.beta12
7.0.0.beta13
7.0.0.beta14
7.0.0.beta15
7.0.0.beta16
7.0.0.beta17
7.0.0.beta18
7.0.0.beta19
7.0.0.beta20
7.0.0.beta21
7.0.0.beta22
7.0.0.beta23
7.0.0.beta24
7.0.0.beta25
7.0.0.beta26
7.0.0.beta27
7.0.0.beta28
7.0.0.beta29
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.0.9
7.0.10
7.0.11
7.0.12
7.0.13
7.1.0
7.1.1
7.1.2
7.1.3
7.1.5
7.1.6
7.1.7
7.1.8
7.1.10
7.1.11
7.1.12
7.1.13
7.1.14
7.1.15
7.1.16
7.1.17
7.1.18
7.1.19
7.1.20
7.1.21
7.1.22
7.1.23
7.1.24
7.1.25
7.1.26
7.1.27
7.1.28
7.1.29
7.1.30
7.1.31
7.1.32