GHSA-grh7-935j-hg6w

Source

https://github.com/advisories/GHSA-grh7-935j-hg6w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-grh7-935j-hg6w/GHSA-grh7-935j-hg6w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-grh7-935j-hg6w

Aliases

CVE-2021-30151

Published

2021-10-06T17:47:17Z

Modified

2023-11-08T04:05:44.931120Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Sidekiq

Details

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

Database specific

{
    "github_reviewed_at": "2021-10-06T16:52:11Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2021-04-06T06:15:00Z",
    "severity": "MODERATE"
}

References

Affected packages

RubyGems / sidekiq

Package

Name: sidekiq
Purl: pkg:gem/sidekiq

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.0

Affected versions

0.*

0.5.0

0.5.1

0.6.0

0.7.0

0.8.0

0.9.0

0.9.1

0.10.0

0.10.1

0.11.0

0.11.1

0.11.2

1.*

1.0.0

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.2.0

1.2.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.1.1

2.2.0

2.2.1

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.8.0

2.9.0

2.10.0

2.10.1

2.11.0

2.11.1

2.11.2

2.12.0

2.12.1

2.12.3

2.12.4

2.13.0

2.13.1

2.14.0

2.14.1

2.15.0

2.15.1

2.15.2

2.16.0

2.16.1

2.17.0

2.17.1

2.17.2

2.17.3

2.17.4

2.17.5

2.17.6

2.17.7

2.17.8

3.*

3.0.0

3.0.1

3.0.2

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.4.0

3.4.1

3.4.2

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

4.*

4.0.0.pre1

4.0.0.pre2

4.0.0

4.0.1

4.0.2

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.2.10

5.*

5.0.0.beta1

5.0.0.beta2

5.0.0.beta3

5.0.0.rc1

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.1.0

5.1.1

5.1.2

5.1.3

RubyGems / sidekiq

Package

Name: sidekiq
Purl: pkg:gem/sidekiq

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.2.1

Affected versions

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.1.0

6.1.1

6.1.2

6.1.3

6.2.0