CVE-2021-30151
Published 2021-04-06
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
Priority: P3 · 35 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 4.16% (89.6th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contribsys | sidekiq | <= 5.1.3 | — |
| contribsys | sidekiq | >= 0 < 5.2.0 | 5.2.0 |
| contribsys | sidekiq | >= 6.0.0 < 6.2.1 | 6.2.1 |
| contribsys | sidekiq | 6.0.0 – 6.2.0 | — |
| debian | debian_linux | — | — |
| debian | ruby-sidekiq | < ruby-sidekiq 6.3.1+dfsg-1 (bookworm) | ruby-sidekiq 6.3.1+dfsg-1 (bookworm) |
CVSS provenance
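| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |
| vendor_ubuntu | | 6.1 | MEDIUM | |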
Ubuntu
Sidekiq vulnerabilities
vendor_ubuntu·2025-08-14·CVSS 6.1
CVE-2021-30151 [MEDIUM] Sidekiq vulnerabilities
Title: Sidekiq vulnerabilities
Summary: Several security issues were fixed in Sidekiq.
Anas Roubi discovered that Sidekiq did not correctly sanitize certain
inputs. An attacker could possibly use this issue to execute a cross-site
scripting (XSS) attack. This issue only affected Ubuntu 18.04 LTS, and
Ubuntu 20.04 LTS. (CVE-2021-30151)
It was discovered that Sidekiq did not correctly bound certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-23837)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
sidekiq: XSS via the queue name of the live-poll feature
vendor_redhat·2021-10-08·CVSS 6.1
CVE-2021-30151 [MEDIUM] CWE-79 sidekiq: XSS via the queue name of the live-poll feature
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
A cross-site scripting vulnerability was found in sidekiq via the queue name of the live-poll feature. A potential attacker can impersonate or masquerade as the victim user using this vulnerability when Internet Explorer is used.
Package: sidekiq (Red Hat 3scale API Management Platform 2) - Not affected
Debian
CVE-2021-30151: ruby-sidekiq - Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the...
vendor_debian·2021·CVSS 6.1
CVE-2021-30151 [MEDIUM] CVE-2021-30151: ruby-sidekiq - Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the...
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
Scope: local
bookworm: resolved (fixed in 6.3.1+dfsg-1)
bullseye: resolved (fixed in 6.0.4+dfsg-2+deb11u1)
forky: resolved (fixed in 6.3.1+dfsg-1)
sid: resolved (fixed in 6.3.1+dfsg-1)
trixie: resolved (fixed in 6.3.1+dfsg-1)
OSV
ruby-sidekiq vulnerabilities
osv·2025-08-14·CVSS 6.1
CVE-2021-30151 [MEDIUM] ruby-sidekiq vulnerabilities
Anas Roubi discovered that Sidekiq did not correctly sanitize certain
inputs. An attacker could possibly use this issue to execute a cross-site
scripting (XSS) attack. This issue only affected Ubuntu 18.04 LTS, and
Ubuntu 20.04 LTS. (CVE-2021-30151)
It was discovered that Sidekiq did not correctly bound certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-23837)
OSV
Cross-site Scripting in Sidekiq
osv·2021-10-06
CVE-2021-30151 [MEDIUM] Cross-site Scripting in Sidekiq
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
GHSA
Cross-site Scripting in Sidekiq
ghsa·2021-10-06
CVE-2021-30151 [MEDIUM] CWE-79 Cross-site Scripting in Sidekiq
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
OSV
CVE-2021-30151: Sidekiq through 5
osv·2021-04-06·CVSS 6.1
CVE-2021-30151 [MEDIUM] CVE-2021-30151: Sidekiq through 5
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
No detection rules found.
Nuclei
Sidekiq <=6.2.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-30151 [MEDIUM] Sidekiq <=6.2.0 - Cross-Site Scripting
Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.
Template:
```yaml
id: CVE-2021-30151

info:
  name: Sidekiq <=6.2.0 - Cross-Site Scripting
  author: DhiyaneshDk
  severity: medium
  description: Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, or session hijacking.
  remediation: |
    Upgrade to Sidekiq version 6.2.0 or later to mitigate this vulnerability.
  reference:
    - https://github.com/mperham/sidekiq/issues/4852
    - https://lists.debia
```
No writeups or analysis indexed.
https://github.com/mperham/sidekiq/issues/4852
https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html
Published: 2021-04-06