CVE-2021-30151

Опубликовано: 06 апр. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

Ссылки

https://github.com/mperham/sidekiq/issues/4852
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html
https://github.com/mperham/sidekiq/issues/4852
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*

Версия до 5.1.3 (включая)

cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*

Версия от 6.0.0 (включая) до 6.2.0 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.2396

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-30151

CVSS3: 6.1

ubuntu

почти 5 лет назад

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

CVE-2021-30151

CVSS3: 5.5

redhat

больше 4 лет назад

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

CVE-2021-30151

CVSS3: 6.1

debian

почти 5 лет назад

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...

GHSA-grh7-935j-hg6w

CVSS3: 6.1

github

больше 4 лет назад

Cross-site Scripting in Sidekiq

EPSS

Процентиль: 96%

0.2396

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79