Which version of sidekiq is affected by this vulnerability?

Versions of sidekiq up to version 7.1.3 are affected.

How severe is this vulnerability?

The severity of this vulnerability is high with a CVSS score of 7.5.

Is there a fix available for this vulnerability?

Yes, the vulnerability can be fixed by upgrading sidekiq to version 7.1.3 or later.

vuln-group

GHSA-3qc2-v3hp-6cv8

Severity: high (7.5)

First published: Thu Sep 14 2023

Last modified: Tue Sep 26 2023

CWE: 400 345

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

Any of

rubygems/sidekiq
<7.1.3
fixed in: 7.1.3

FAQ

What is the vulnerability present in sidekiq?
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Which version of sidekiq is affected by this vulnerability?
Versions of sidekiq up to version 7.1.3 are affected.
How severe is this vulnerability?
The severity of this vulnerability is high with a CVSS score of 7.5.
Is there a fix available for this vulnerability?
Yes, the vulnerability can be fixed by upgrading sidekiq to version 7.1.3 or later.

Reference Links

collector/github-advisory
alias/GHSA-3qc2-v3hp-6cv8
alias/CVE-2023-26141
collector/github-advisory-latest
package-manager/rubygems

FAQ

What is the vulnerability present in sidekiq?
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Which version of sidekiq is affected by this vulnerability?
Versions of sidekiq up to version 7.1.3 are affected.
How severe is this vulnerability?
The severity of this vulnerability is high with a CVSS score of 7.5.
Is there a fix available for this vulnerability?
Yes, the vulnerability can be fixed by upgrading sidekiq to version 7.1.3 or later.

GHSA-3qc2-v3hp-6cv8

Any of

FAQ

What is the vulnerability present in sidekiq?

How can an attacker exploit this vulnerability?

Which version of sidekiq is affected by this vulnerability?

How severe is this vulnerability?

Is there a fix available for this vulnerability?

Reference Links

Navigation

FAQ

What is the vulnerability present in sidekiq?

How can an attacker exploit this vulnerability?

Which version of sidekiq is affected by this vulnerability?

How severe is this vulnerability?

Is there a fix available for this vulnerability?