Release | Version |
---|---|
buster | 5.2.3+dfsg-1 |
buster (security) | 5.2.3+dfsg-1+deb10u1 |
bullseye | 6.0.4+dfsg-2 |
bookworm | 6.4.1+dfsg-1 |
sid | 6.4.1+dfsg-1 |

Bug | buster | bullseye | bookworm | sid | Description |
---|---|---|---|---|---|
CVE-2022-23837 | fixed | vulnerable (no DSA) | fixed | fixed | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ... |
CVE-2021-30151 | fixed | vulnerable (no DSA) | fixed | fixed | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ... |

Bug | Description |
---|---|
TEMP-0000000-F9A459 | XSS via job arguments display class in Sidekiq::Web |
TEMP-0000000-BD209F | XSS via queue name in Sidekiq::Web |
TEMP-0000000-23C1BD | Sidekiq::Web lacks CSRF protection |

DSA / DLA | Description |
---|---|
DLA-3360-1 | ruby-sidekiq - security update |
DLA-2943-1 | ruby-sidekiq - security update |