Contribsys Sidekiq

6 matches found

CVE | added 2021/04/06 6:15 a.m. | 136 views

CVE-2021-30151

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

CVSS 6.1 | AI score 6 | EPSS 0.19112

CVE | added 2022/01/21 9:15 p.m. | 112 views

CVE-2022-23837

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

CVSS 7.5 | AI score 7.2 | EPSS 0.00373

CVE | added 2024/03/01 2:15 p.m. | 57 views

CVE-2023-46950

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.

CVSS 6.1 | AI score 5.8 | EPSS 0.00481

CVE | added 2024/03/01 2:15 p.m. | 57 views

CVE-2023-46951

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.

CVSS 6.1 | AI score 5.9 | EPSS 0.00559

CVE | added 2023/09/14 5:15 a.m. | 46 views

CVE-2023-26141

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

CVSS 7.5 | AI score 4.8 | EPSS 0.00295

CVE | added 2023/04/21 5:15 a.m. | 43 views

CVE-2023-1892

Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.

CVSS 9.6 | AI score 8.5 | EPSS 0.74399