CVE-2022-23837
Summary
| Field | Value |
|---|---|
| CVE | CVE-2022-23837 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-21 21:15:00 UTC |
| Updated | 2023-03-13 00:15:00 UTC |
| Description | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Validate `days` parameter to avoid possible DoS in Web UI · mperham/sidekiq@7785ac1 · GitHub | MISC | github.com | |
| [SECURITY] [DLA 2943-1] ruby-sidekiq security update | MLIST | lists.debian.org | |
| Sidekiq version 5.2.10 also addresses CVE-2022-23837 by sqbell · Pull Request #495 · rubysec/ruby-advisory-db · GitHub | MISC | github.com | |
| [SECURITY] [DLA 3360-1] ruby-sidekiq security update | MLIST | lists.debian.org | |
| exploits/sidekiq.md at main · TUTUMSPACE/exploits · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179123 Debian Security Update for ruby-sidekiq (DLA 2943-1)
- 181627 Debian Security Update for ruby-sidekiq (DLA 3360-1)
- 182791 Debian Security Update for ruby-sidekiq (CVE-2022-23837)
- 240566 Red Hat Update for Satellite 6.11 Release (RHSA-2022:5498)
- 960505 Rocky Linux Security Update for Satellite (RLSA-2022:5498)