First published: Thu Sep 14 2023
Versions of the package sidekiq before 7.1.3 (and 6.x versions before 6.5.10) are vulnerable to Denial of Service (DoS) because the dashboard-charts.js file does not sufficiently validate a value it reads from localStorage. An attacker can exploit this vulnerability by manipulating that localStorage value, which causes the dashboard to issue excessive polling requests.
Affected Software | Affected Version | How to fix
---|---|---
rubygems/sidekiq | <6.5.10 | 6.5.10
rubygems/sidekiq | >=7.0.0, <7.1.3 | 7.1.3
Versions of sidekiq before 7.1.3 (and 6.x versions before 6.5.10) are affected.
The severity of this vulnerability is high, with a CVSS score of 7.5.
The vulnerability is fixed by upgrading sidekiq to version 7.1.3 or later (6.5.10 on the 6.x branch).
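As an added example that is not the Sidekiq project's own code, the following shows the bug class behind this advisory: a dashboard poll interval read from localStorage without checks, beside a validated version that clamps it to sane bounds. The key name, the bounds and the in-memory storage stand-in are assumptions.

```javascript
// Added example (not Sidekiq's dashboard-charts.js): reading a poll
// interval from localStorage, first unchecked and then validated.
// The key name, bounds and default below are assumptions.
const MIN_POLL_MS = 2000;      // assumed lower bound
const MAX_POLL_MS = 60000;     // assumed upper bound
const DEFAULT_POLL_MS = 5000;  // assumed default

// Vulnerable pattern: trusts whatever is stored. A stored "1" (or "0",
// or garbage that parses to NaN) drives a timer that fires on nearly
// every tick, flooding the server with polling requests.
function unsafePollInterval(storage) {
  return Number(storage.getItem('dashboard-poll-ms'));
}

// Hardened pattern: accept only a short run of digits, then clamp the
// value into [MIN_POLL_MS, MAX_POLL_MS]; anything else falls back to
// the default instead of driving the timer.
function safePollInterval(storage) {
  const raw = storage.getItem('dashboard-poll-ms');
  if (raw === null || !/^\d{1,7}$/.test(raw)) return DEFAULT_POLL_MS;
  const ms = Number(raw);
  return Math.min(MAX_POLL_MS, Math.max(MIN_POLL_MS, ms));
}

// How many requests a polling loop issues in `windowMs` at a given
// interval; a zero, negative or NaN interval is effectively unbounded.
function requestsPerWindow(intervalMs, windowMs) {
  if (!Number.isFinite(intervalMs) || intervalMs <= 0) return Infinity;
  return Math.floor(windowMs / intervalMs);
}

// Constructed stand-in for window.localStorage so this runs under Node.
function memoryStorage(entries) {
  const map = new Map(Object.entries(entries));
  return { getItem: (k) => (map.has(k) ? map.get(k) : null) };
}

// Constructed tampered value: a 1 ms interval over a one-minute window.
const tampered = memoryStorage({ 'dashboard-poll-ms': '1' });
console.log(requestsPerWindow(unsafePollInterval(tampered), 60000)); // 60000
console.log(requestsPerWindow(safePollInterval(tampered), 60000));   // 30
```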