CVE-2023-26141 – sidekiq
Package
Manager: gem
Name: sidekiq
Vulnerable Version: >=7.0.0 <7.1.3 || >=0 <6.5.10
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00295 pctl0.52381
Details
sidekiq Denial of Service vulnerability
Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests.
Metadata
Created: 2023-09-14T06:30:19Z
Modified: 2023-10-05T13:29:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-3qc2-v3hp-6cv8/GHSA-3qc2-v3hp-6cv8.json
CWE IDs: ["CWE-345", "CWE-400"]
Alternative ID: GHSA-3qc2-v3hp-6cv8
Finding: F002
Auto approve: 1