mhenrixon/sidekiq-unique-jobs

mhenrixon/sidekiq-unique-jobs

Releases169

Frequency4 weeks 1 day

Last Release 2 months ago

Stars1.54K

Prevents duplicate Sidekiq jobs

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46950 ↗	Mar 1, 2024Friday, 1 March 2024, 14:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
CVE-2023-46951 ↗	Mar 1, 2024Friday, 1 March 2024, 14:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.
CVE-2024-25122 ↗	Feb 13, 2024Tuesday, 13 February 2024, 19:15	7.1 HIGH	—
sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.