Moderate severity · NVD Advisory · Published Mar 1, 2024 · Updated Sep 16, 2024
CVE-2023-46950
Description
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sidekiq-unique-jobs (RubyGems) | >= 8.0.0, < 8.0.7 | 8.0.7 |
| sidekiq-unique-jobs (RubyGems) | < 7.1.33 | 7.1.33 |
Affected products
- Contribsys/Sidekiq (description)
References
- github.com/advisories/GHSA-fhx8-5c23-x7x5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-46950 (ghsa, ADVISORY)
- github.com/mhenrixon/sidekiq-unique-jobs/commit/cd09ba6108f98973b6649a6149790c3d4502b4cc (ghsa, WEB)
- github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed (ghsa, WEB)
- github.com/mhenrixon/sidekiq-unique-jobs/pull/829 (ghsa, WEB)
- github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7 (ghsa, WEB)
- github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38 (ghsa, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/sidekiq-unique-jobs/CVE-2023-46950.yml (ghsa, WEB)
- link.org (ghsa, WEB)
- www.link.com (ghsa, WEB)
- www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951 (ghsa, WEB)