Severity: high (7.5)
First published: Thu Sep 14 2023
Last modified: Tue Sep 26 2023
CWE: CWE-400, CWE-345
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which causes excessive polling requests.
The vulnerability ID for this vulnerability is CVE-2023-26141.
CVE-2023-26141 has a severity of 7.5 (High).
CVE-2023-26141 is a Denial of Service (DoS) vulnerability in the package sidekiq before 7.1.3. Insufficient checks in the dashboard-charts.js file allow an attacker to manipulate the localStorage value and cause excessive polling requests.
An attacker can exploit CVE-2023-26141 by manipulating the localStorage value that the sidekiq dashboard-charts.js file uses without sufficient checks, which results in excessive polling requests and causes a Denial of Service (DoS).
To fix CVE-2023-26141, update the sidekiq package to version 7.1.3 or later. It is recommended to regularly update packages to protect against known vulnerabilities.
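The class of check that is missing in this kind of bug, shown as an added example that is not Sidekiq's own code or its actual patch: a polling interval read from localStorage is treated as untrusted input and validated before it reaches a timer. The key name `pollIntervalMs`, the bounds, the default and the in-memory storage stub are assumptions made for the illustration.

```javascript
// Added illustration; not taken from Sidekiq. All names and limits are assumed.
const POLL_KEY = "pollIntervalMs"; // hypothetical localStorage key
const MIN_MS = 2000;               // assumed lowest acceptable interval
const MAX_MS = 60000;              // assumed highest acceptable interval
const DEFAULT_MS = 5000;           // assumed fallback

// Unchecked shape: whatever is stored goes straight to the timer. A timer
// given 0, a negative number or NaN fires as fast as the browser allows,
// and every tick becomes a request to the server.
function unsafeInterval(storage) {
  return parseInt(storage.getItem(POLL_KEY), 10);
}

// Checked shape: accept only plain decimal digits, then clamp to a range.
function safeInterval(storage) {
  const raw = storage.getItem(POLL_KEY);
  // Rejects null, "", signs, decimals, exponents and over-long digit runs.
  if (typeof raw !== "string" || !/^\d{1,9}$/.test(raw)) return DEFAULT_MS;
  return Math.min(MAX_MS, Math.max(MIN_MS, Number(raw)));
}

// Minimal stand-in for window.localStorage so the example runs in Node.
function fakeStorage(value) {
  return { getItem: (key) => (key === POLL_KEY ? value : null) };
}

// Constructed sample values, not captured from a real browser profile.
const SAMPLES = [null, "5000", "0", "-1", "1", "abc", "1e3", "2500.5", "999999999", ""];

// Returns one row per sample so the two behaviours can be compared.
function compare() {
  return SAMPLES.map((stored) => ({
    stored,
    unsafe: unsafeInterval(fakeStorage(stored)),
    safe: safeInterval(fakeStorage(stored)),
  }));
}

console.table(compare());
```

The same bounds belong on the server side as rate limiting, since a client-side check only protects users whose browser runs the patched script.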