CVE-2022-23837 – sidekiq
Package
Manager: gem
Name: sidekiq
Vulnerable Version: >=6.0.0 <6.4.0 || >=0 <5.2.10
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00495 (percentile 0.6476)
Details
Denial of service in sidekiq. In `api.rb` in Sidekiq before 6.4.0 and 5.2.10, there is no limit on the number of days that can be requested when fetching stats for the graph. A request for an excessive range overloads the system, affecting the Web UI and making it unavailable to users.
Metadata
Created: 2022-01-27T14:42:37Z
Modified: 2023-01-24T15:46:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-jrfj-98qg-qjgv/GHSA-jrfj-98qg-qjgv.json
CWE IDs: ["CWE-400", "CWE-770"]
Alternative ID: GHSA-jrfj-98qg-qjgv
Finding: F002
Auto approve: 1