First published: Thu Sep 14 2023
Versions of the sidekiq package before 6.5.10, and 7.x versions before 7.1.3, are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value that the script reads, which causes the dashboard to issue excessive polling requests.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/sidekiq | <6.5.10 | 6.5.10 |
rubygems/sidekiq | >=7.0.0 <7.1.3 | 7.1.3 |
redhat/sidekiq | <7.1.3 | 7.1.3 |
Sidekiq | <6.5.10 | 6.5.10 |
Sidekiq | >=7.0 <7.1.3 | 7.1.3 |
This vulnerability is tracked as CVE-2023-26141.
CVE-2023-26141 has a severity of 7.5 (High).
CVE-2023-26141 is a Denial of Service (DoS) vulnerability in the sidekiq package before 7.1.3 (and, on the 6.x branch, before 6.5.10). Insufficient checks in the dashboard script dashboard-charts.js allow an attacker to manipulate a localStorage value and cause excessive polling requests.
An attacker exploits CVE-2023-26141 by manipulating the localStorage value that dashboard-charts.js reads to drive its polling. Because the script does not adequately check that value, the dashboard issues polling requests far faster than intended, resulting in a Denial of Service (DoS) against the backend serving them.
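The class of bug described above (in the summary and in the exploit description), shown as an added illustration; this is not Sidekiq's own dashboard-charts.js. A dashboard polling interval is read from localStorage and used as the timer delay; the weak variant trusts the stored string, the hardened variant accepts only a plain integer and clamps it into a server-safe range. The key name pollInterval, the default and the bounds are assumptions for this example, and MemoryStorage stands in for window.localStorage so the code runs outside a browser.

```javascript
// Added illustration of the bug class in CVE-2023-26141; this is NOT Sidekiq's
// dashboard-charts.js. A dashboard reads its polling interval from localStorage;
// the weak variant trusts that value, the hardened variant validates and clamps it.
// The key name "pollInterval" and the millisecond bounds below are assumptions.

const POLL_KEY = "pollInterval";
const DEFAULT_POLL_MS = 5000;
const MIN_POLL_MS = 1000;
const MAX_POLL_MS = 60000;

// Small stand-in for window.localStorage so the example runs outside a browser.
// Like the real thing it only stores strings and returns null for missing keys.
class MemoryStorage {
  constructor(entries = {}) {
    this.map = new Map(Object.entries(entries).map(([k, v]) => [k, String(v)]));
  }
  getItem(key) {
    return this.map.has(key) ? this.map.get(key) : null;
  }
  setItem(key, value) {
    this.map.set(key, String(value));
  }
}

// Weak: whatever is in storage becomes the timer delay. "1" means a request
// roughly every millisecond; "0", "-5" or "abc" are passed through unchecked.
function weakPollInterval(storage) {
  const raw = storage.getItem(POLL_KEY);
  return raw === null ? DEFAULT_POLL_MS : parseInt(raw, 10);
}

// Hardened: accept only a plain decimal integer, fall back to the default for
// anything else, and clamp into [MIN_POLL_MS, MAX_POLL_MS] so no stored value
// can make the dashboard poll faster than the server is prepared to serve.
function safePollInterval(storage) {
  const raw = storage.getItem(POLL_KEY);
  if (raw === null || !/^\d+$/.test(raw)) return DEFAULT_POLL_MS;
  const n = Number(raw);
  return Math.min(MAX_POLL_MS, Math.max(MIN_POLL_MS, n));
}

// Poll loop with an injectable scheduler so behaviour is deterministic in tests.
// fetchFn is called once per tick; schedule(fn, ms) must call fn after ms.
function startPolling(storage, pickInterval, fetchFn, schedule) {
  const intervalMs = pickInterval(storage);
  let stopped = false;
  const tick = () => {
    if (stopped) return;
    fetchFn();
    schedule(tick, intervalMs);
  };
  schedule(tick, intervalMs);
  return { intervalMs, stop: () => { stopped = true; } };
}

// Run the poll loop against a virtual clock for windowMs and count the requests
// it issues. Non-finite or negative delays are treated as 0, which is what a
// browser timer does with them. The loop is cut off at maxRequests so a zero
// delay (which never advances the clock) terminates instead of hanging.
function simulateRequests(storage, pickInterval, windowMs = 10000, maxRequests = 100000) {
  let now = 0;
  let requests = 0;
  let pending = null;
  const schedule = (fn, ms) => {
    const delay = Number.isFinite(ms) ? Math.max(0, ms) : 0;
    pending = { at: now + delay, fn };
  };
  startPolling(storage, pickInterval, () => { requests += 1; }, schedule);
  while (pending && pending.at <= windowMs && requests < maxRequests) {
    const { at, fn } = pending;
    pending = null;
    now = at;
    fn();
  }
  return requests;
}

// Stand-alone demo: an attacker-controlled value of "1" versus the same storage
// read through the hardened path, over a constructed 10-second window.
if (typeof require !== "undefined" && require.main === module) {
  const attacker = new MemoryStorage({ [POLL_KEY]: "1" });
  console.log("weak:", simulateRequests(attacker, weakPollInterval), "requests in 10s");
  console.log("safe:", simulateRequests(attacker, safePollInterval), "requests in 10s");
}
```

The validate-then-clamp shape is the kind of check the advisory says was insufficient; the exact key and bounds in Sidekiq's own script are not taken from this page. Note that localStorage is scoped to the origin, so the hostile value has to end up in the victim's browser storage for the dashboard's origin; the advisory does not describe how that is achieved, only that an unchecked value there is enough to flood the backend with polling requests.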
To fix CVE-2023-26141, update the sidekiq package to version 7.1.3 or later (or to 6.5.10 or later if you are on the 6.x branch). Regularly updating packages helps protect against known vulnerabilities.