Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
CVE-2023-26141 - High Severity Vulnerability
Vulnerable Library - sidekiq-6.2.1.gem
Simple, efficient background processing for Ruby.
Library home page: https://rubygems.org/gems/sidekiq-6.2.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
- :x: **sidekiq-6.2.1.gem** (Vulnerable Library)
Found in HEAD commit: 3a3902efe3788aa4f5410d439175653e42f854e6
Found in base branch: main
Vulnerability Details
Publish Date: 2023-09-14
URL: CVE-2023-26141
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

Suggested Fix
Type: Upgrade version
Origin: https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a
Release Date: 2023-09-14
Fix Resolution: sidekiq - 7.1.3