Moderate severityNVD Advisory· Published Apr 6, 2021· Updated Aug 3, 2024
CVE-2021-30151
CVE-2021-30151
Description
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sidekiqRubyGems | < 5.2.0 | 5.2.0 |
sidekiqRubyGems | >= 6.0.0, < 6.2.1 | 6.2.1 |
Affected products
2- Sidekiq/Sidekiqdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-grh7-935j-hg6wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-30151ghsaADVISORY
- github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8ghsaWEB
- github.com/mperham/sidekiq/issues/4852ghsaWEB
- lists.debian.org/debian-lts-announce/2022/03/msg00015.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2023/03/msg00011.htmlmitremailing-list
News mentions
0No linked articles in our index yet.