
Xhzeem

#20562 of 53,632
12.4 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2022-25436
6.3
2022-11-19
Dalli · Dalli · CVE-2022-4064
**Name of the Vulnerable Software and Affected Versions**

Dalli (affected versions not specified)

**Description**

A vulnerability was found in the function `self.meta_set` of the file `lib/dalli/protocol/meta/request_formatter.rb` of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used.

**Recommendations**

To fix this issue, it is recommended to apply a patch. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. As a temporary workaround, consider disabling the `self.meta_set` function until a patch is available.
PT-2021-18635
6.1
2021-04-06
Sidekiq · Sidekiq · CVE-2021-30151
**Name of the Vulnerable Software and Affected Versions**

Sidekiq versions 5.1.3 and earlier; Sidekiq versions 6.x through 6.2.0

**Description**

The issue allows for XSS via the queue name of the live-poll feature, specifically when Internet Explorer is used.

**Recommendations**

For Sidekiq versions 5.1.3 and earlier, update to a version later than 5.1.3 to resolve the issue. For Sidekiq versions 6.x through 6.2.0, update to a version later than 6.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the live-poll feature when using Internet Explorer until a patch is available.