RubySec

Providing security resources for the Ruby community

CVE-2023-26141 (sidekiq): sidekiq Denial of Service vulnerability

ADVISORIES

GEM

sidekiq

SEVERITY

CVSS v3.x: 4.9 (Medium)

PATCHED VERSIONS

  • ~> 6.5.10
  • >= 7.1.3

DESCRIPTION

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which causes excessive polling requests.
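The mitigation for this class of bug is to treat a polling interval read from localStorage as untrusted input and clamp it before it is used to schedule requests. The following is an added illustration, not sidekiq's own code; the storage key name, default interval and bounds are assumptions chosen for the example.

```javascript
// Added example (not sidekiq's own code): a defensive reader for a polling
// interval stored in localStorage. The key name, default and bounds below are
// assumptions for illustration, not values taken from sidekiq.
const POLL_DEFAULT_MS = 5000;  // assumed default interval
const POLL_MIN_MS = 2000;      // assumed floor: never poll faster than this
const POLL_MAX_MS = 60000;     // assumed ceiling

// Turn an untrusted localStorage string into a safe integer interval (ms).
// Anything that is not a finite number is replaced by the default, and
// out-of-range values are clamped, so a tampered value cannot drive the
// dashboard into a request flood.
function safePollInterval(raw, opts = {}) {
  const dflt = opts.default ?? POLL_DEFAULT_MS;
  const min = opts.min ?? POLL_MIN_MS;
  const max = opts.max ?? POLL_MAX_MS;
  if (typeof raw !== 'string' || raw.trim() === '') return dflt;
  const n = Number(raw);
  if (!Number.isFinite(n)) return dflt;   // "abc", "NaN", "Infinity"
  if (n < min) return min;                // "0", "1", "-500"
  if (n > max) return max;
  return Math.floor(n);
}

// Read the interval from a storage object (window.localStorage in a browser;
// here a constructed stub so the example runs offline). Access is wrapped
// because storage may be disabled or throw in some browser modes.
function readPollInterval(storage, key = 'poll-interval') {
  let raw = null;
  try { raw = storage.getItem(key); } catch (e) { /* storage unavailable */ }
  return safePollInterval(raw);
}

// Constructed stand-in for localStorage with the same getItem contract.
function makeStorage(items) {
  return {
    getItem: (k) => (Object.prototype.hasOwnProperty.call(items, k) ? items[k] : null),
  };
}

// Demonstration: a tampered "1" becomes the 2000 ms floor instead of
// a request every millisecond.
const tampered = makeStorage({ 'poll-interval': '1' });
console.log(readPollInterval(tampered)); // 2000
```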

RELATED