6 matches found
CVE-2021-30151
CVE-2021-30151 is a Cross-Site Scripting vulnerability in Sidekiq up to 6.2.0 (and
CVE-2022-23837
CVE-2022-23837 affects Sidekiq (api.rb): there is no limit on the number of days when requesting graph statistics, which can overload the system and render the Web UI unavailable. Concrete references in connected docs include Debian/DLA-4407-1 (ruby-sidekiq fix in 6.0.4+dfsg-2+deb11u1; also menti...
CVE-2023-26141
CVE-2023-26141 affects sidekiq prior to 7.1.3. The vulnerability arises from insufficient checks in the dashboard-charts.js file, allowing an attacker to manipulate localStorage and trigger excessive polling, leading to Denial of Service. The DoS impact is documented across multiple feeds, with t...
CVE-2023-46950
CVE-2023-46950 affects Contribsys Sidekiq v6.5.8, with a Cross Site Scripting vulnerability that allows a remote attacker to obtain sensitive information via a crafted payload in the filter functions (and related uniquejobs context per Red Hat entries). The issue is described across multiple feed...
CVE-2023-46951
Contribsys Sidekiq 6.5.8 is affected by a Cross Site Scripting vulnerability (CVE-2023-46951). Red Hat advisories confirm an XSS via a crafted payload to the uniquejobs function that could let a remote attacker obtain sensitive information. The CVSS vector in the description indicates Network acc...
CVE-2023-1892
CVE-2023-1892 is a reflected XSS in Sidekiq prior to version 7.0.8. Affected versions include 7.0.4 through 7.0.7. The vulnerability arises from unsafely reflected input (e.g., GET parameters like period) in Sidekiq endpoints, enabling injection of JavaScript that could be executed in an administ...