| Release | Version |
|---|---|
| bullseye | 6.0.4+dfsg-2 |
| bookworm | 6.4.1+dfsg-1 |
| trixie | 7.3.2+dfsg-1 |
| forky | 7.3.2+dfsg-1 |
| sid | 7.3.2+dfsg-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2023-26141 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial ... |
| CVE-2022-23837 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ... |
| CVE-2021-30151 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ... |
| Bug | Description |
|---|---|
| TEMP-0000000-F9A459 | XSS via job arguments display class in Sidekiq::Web |
| TEMP-0000000-BD209F | XSS via queue name in Sidekiq::Web |
| TEMP-0000000-23C1BD | Sidekiq::Web lacks CSRF protection |
| CVE-2024-32887 | Sidekiq is simple, efficient background processing for Ruby. Sidekiq i ... |
| CVE-2023-1892 | Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/si ... |
| DSA / DLA | Description |
|---|---|
| DLA-3360-1 | ruby-sidekiq - security update |
| DLA-2943-1 | ruby-sidekiq - security update |