sidekiq (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package sidekiq, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2022-23837 — CVSS 7.5 (high): In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads…
CVE-2023-26141 — CVSS 7.5 (high): Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the…
CVE-2021-30151 — CVSS 6.1 (medium): Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
CVE-2024-32887 — CVSS 5.5 (medium): Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is…