CVE-2023-26141
Summary
| CVE | CVE-2023-26141 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-14 05:15:00 UTC |
| Updated | 2023-11-07 04:09:00 UTC |
| Description | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Contribsys | Sidekiq | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Validate page refresh interval to ensure a minimum amount of delay · sidekiq/sidekiq@62c90d7 · GitHub | MISC | github.com | |
| Sidekiq DoS · GitHub | MISC | gist.github.com | |
| github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%... | MISC | github.com | |
| Denial of Service (DoS) in sidekiq \| CVE-2023-26141 \| Snyk | MISC | security.snyk.io | |
| MISC:https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6 | MITRE | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 242923 Red Hat Update for Satellite 6.14.2 (RHSA-2024:0797)
- 995284 Rubygems (Rubygems) Security Update for sidekiq (GHSA-3qc2-v3hp-6cv8)