ADVISORIES

• OSVDB-125676
• Vendor Advisory

GEM

sidekiq

PATCHED VERSIONS

• >= 3.4.0

DESCRIPTION

Sidekiq Gem for Ruby web/views/queue.erb [CurrentMessagesInQueue, AreYouSureDeleteQueue] Element Reflected XSS

RELATED

• OSVDB-125677
• https://seclists.org/oss-sec/2015/q3/267
• https://github.com/mperham/sidekiq/issues/2330
• https://github.com/sidekiq/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
• https://github.com/rubysec/ruby-advisory-db/pull/196
• https://github.com/rubysec/ruby-advisory-db/commit/19a8fc075a6cc0702f978219c88d97c666fecdbd