Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1maHg4LTVjMjMteDd4Nc4AA5rk
Cross Site Scripting vulnerability in Contribsys Sidekiq
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
Permalink: https://github.com/advisories/GHSA-fhx8-5c23-x7x5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1maHg4LTVjMjMteDd4Nc4AA5rk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: about 2 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-fhx8-5c23-x7x5, CVE-2023-46950
References:
- https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38
- https://nvd.nist.gov/vuln/detail/CVE-2023-46950
- https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829
- https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7
- https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951
- https://github.com/mhenrixon/sidekiq-unique-jobs/commit/cd09ba6108f98973b6649a6149790c3d4502b4cc
- https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sidekiq-unique-jobs/CVE-2023-46950.yml
- https://github.com/advisories/GHSA-fhx8-5c23-x7x5
Blast Radius: 18.0
Affected Packages
rubygems:sidekiq-unique-jobs
Dependent packages: 13Dependent repositories: 887
Downloads: 33,101,373 total
Affected Version Ranges: < 7.1.33, >= 8.0.0, < 8.0.7
Fixed in: 7.1.33, 8.0.7
All affected versions: 2.1.0, 2.2.0, 2.2.1, 2.3.2, 2.6.5, 2.6.6, 2.6.7, 2.7.0, 2.7.1, 3.0.0, 3.0.1, 3.0.2, 3.0.5, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 4.0.0, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 5.0.0, 5.0.1, 5.0.2, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.16, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.10, 7.1.11, 7.1.12, 7.1.13, 7.1.14, 7.1.15, 7.1.16, 7.1.17, 7.1.18, 7.1.19, 7.1.20, 7.1.21, 7.1.22, 7.1.23, 7.1.24, 7.1.25, 7.1.26, 7.1.27, 7.1.28, 7.1.29, 7.1.30, 7.1.31, 7.1.32, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6
All unaffected versions: 7.1.33, 8.0.7, 8.0.8, 8.0.9, 8.0.10