Cross-site Scripting in Sidekiq
Published: October 06, 2021
SECURITY IDENTIFIERS
- CVE: CVE-2021-30151 (NVD)
- GHSA: GHSA-grh7-935j-hg6w
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
PATCHED VERSIONS
~> 5.2.0
>= 6.2.1
DESCRIPTION
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.