Cross-site Request Forgery (CSRF) Affecting sidekiq-pro package, versions < 2.0.6
Snyk CVSS
Attack Complexity
Low
Scope
Changed
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-SIDEKIQPRO-20234
- published 16 Jul 2015
- disclosed 16 Jul 2015
- credit Unknown
Overview
sidekiq-pro
is the commercial version of sidekiq
, a background processing package for Ruby.
Affected versions contain a vulnerability that allows forgery of POST requests on job filtering in Sidekiq::Web
.