| Release | Version |
|---|---|
| stretch | 4.2.3+dfsg-1 |
| buster | 5.2.3+dfsg-1 |
| bullseye | 6.0.4+dfsg-2 |
| bookworm | 6.0.4+dfsg-2 |
| sid | 6.0.4+dfsg-2 |
| Bug | stretch | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2021-30151 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ... |
| Bug | Description |
|---|---|
| TEMP-0000000-F9A459 | XSS via job arguments display class in Sidekiq::Web |
| TEMP-0000000-BD209F | XSS via queue name in Sidekiq::Web |
| TEMP-0000000-23C1BD | Sidekiq::Web lacks CSRF protection |