
CVE-2023-26141

Severity: high (7.5)

First published: Thu Sep 14 2023

Last modified: Tue Sep 26 2023

CWE: 400, 345

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value that this file reads, which causes excessive polling requests.

Any of

  • rubygems/sidekiq
    <7.1.3
    fixed in: 7.1.3
  • Contribsys Sidekiq
    <7.1.3

FAQ

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2023-26141.

  • What is the severity of CVE-2023-26141?

    CVE-2023-26141 has a severity of 7.5 (High).

  • What is the description of CVE-2023-26141?

    CVE-2023-26141 is a Denial of Service (DoS) vulnerability in the package sidekiq before 7.1.3. Insufficient checks in the dashboard-charts.js file allow an attacker to manipulate the localStorage value read by that file and cause excessive polling requests.

  • How can an attacker exploit CVE-2023-26141?

    An attacker can exploit CVE-2023-26141 by manipulating the localStorage value read by the sidekiq dashboard-charts.js file, which results in excessive polling requests and causes a Denial of Service (DoS).

  • How can I fix or mitigate CVE-2023-26141?

    To fix CVE-2023-26141, update the sidekiq package to version 7.1.3 or later. It is recommended to regularly update packages to protect against known vulnerabilities.

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203