UBUNTU-CVE-2024-32887

Source
https://ubuntu.com/security/CVE-2024-32887
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-32887.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-32887
Related
Published
2024-04-26T21:15:00Z
Modified
2025-01-13T10:25:16Z
Summary
[none]
Details

Sidekiq is simple, efficient background processing for Ruby. Sidekiq has a reflected XSS vulnerability: the value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the application. An attacker could exploit it to target users of the Sidekiq Web UI. Moreover, if other applications are deployed on the same domain or website as Sidekiq, users of those applications could also be affected, leading to a broader scope of compromise, potentially compromising their accounts, forcing the users to perform sensitive actions, stealing sensitive data, performing CORS attacks, defacing the web application, etc. This issue has been patched in version 7.2.4.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/ubuntu/ruby-sidekiq@4.0.1+dfsg-2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

3.*

3.3.4~dfsg-1

4.*

4.0.1+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/ubuntu/ruby-sidekiq@5.0.4+dfsg-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

4.*

4.2.3+dfsg-2

5.*

5.0.4+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/ubuntu/ruby-sidekiq@5.2.7+dfsg-1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

5.*

5.2.7+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/ubuntu/ruby-sidekiq@6.3.1+dfsg-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

6.*

6.0.4+dfsg-2
6.3.1+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/ubuntu/ruby-sidekiq@6.5.12+dfsg-1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

6.*

6.5.12+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/ubuntu/ruby-sidekiq@6.5.12+dfsg-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

6.*

6.5.7+dfsg3-3
6.5.10+dfsg-1
6.5.12+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}