Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/sidekiq-unique-jobs@8.0.0

Type gem

Namespace

Name sidekiq-unique-jobs

Version 8.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.0.7

Latest_non_vulnerable_version 8.0.7

Affected_by_vulnerabilities

url VCID-c2xf-r9kk-vkd6

vulnerability_id VCID-c2xf-r9kk-vkd6

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/cd09ba6108f98973b6649a6149790c3d4502b4cc
reference_id
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/cd09ba6108f98973b6649a6149790c3d4502b4cc

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed
reference_id
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-25122
reference_id	CVE-2024-25122
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-25122

reference_url	https://github.com/advisories/GHSA-cmh9-rx85-xj38
reference_id	GHSA-cmh9-rx85-xj38
reference_type
scores
url	https://github.com/advisories/GHSA-cmh9-rx85-xj38

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38
reference_id	GHSA-cmh9-rx85-xj38
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38

fixed_packages

url	pkg:gem/sidekiq-unique-jobs@8.0.7
purl	pkg:gem/sidekiq-unique-jobs@8.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/sidekiq-unique-jobs@8.0.7

aliases CVE-2024-25122, GHSA-cmh9-rx85-xj38

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2xf-r9kk-vkd6

url VCID-jqxs-4xeh-5ue2

vulnerability_id VCID-jqxs-4xeh-5ue2

summary Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.

references

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs
reference_id
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/cd09ba6108f98973b6649a6149790c3d4502b4cc
reference_id
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/cd09ba6108f98973b6649a6149790c3d4502b4cc

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed
reference_id
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829
reference_id
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7
reference_id
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/releases/tag/v8.0.7

reference_url	https://link.org
reference_id
reference_type
scores
url	https://link.org

reference_url	https://www.link.com
reference_id
reference_type
scores
url	https://www.link.com

reference_url	https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951
reference_id
reference_type
scores
url	https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-46950
reference_id	CVE-2023-46950
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-46950

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sidekiq-unique-jobs/CVE-2023-46950.yml
reference_id	CVE-2023-46950.YML
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sidekiq-unique-jobs/CVE-2023-46950.yml

reference_url	https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38
reference_id	GHSA-cmh9-rx85-xj38
reference_type
scores
url	https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38

reference_url	https://github.com/advisories/GHSA-fhx8-5c23-x7x5
reference_id	GHSA-fhx8-5c23-x7x5
reference_type
scores
url	https://github.com/advisories/GHSA-fhx8-5c23-x7x5

fixed_packages

url	pkg:gem/sidekiq-unique-jobs@8.0.7
purl	pkg:gem/sidekiq-unique-jobs@8.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/sidekiq-unique-jobs@8.0.7

aliases CVE-2023-46950, GHSA-fhx8-5c23-x7x5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqxs-4xeh-5ue2

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sidekiq-unique-jobs@8.0.0

Package Instance