GHSA-3qc2-v3hp-6cv8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3qc2-v3hp-6cv8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-3qc2-v3hp-6cv8/GHSA-3qc2-v3hp-6cv8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3qc2-v3hp-6cv8
- Aliases
- Published
- 2023-09-14T06:30:19Z
- Modified
- 2024-02-16T08:13:11.075742Z
- Severity
-
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- sidekiq Denial of Service vulnerability
- Details
-
Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-26141
- https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89
- https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sidekiq/CVE-2023-26141.yml
- https://github.com/sidekiq/sidekiq
- https://github.com/sidekiq/sidekiq/blob/6-x/Changes.md#6510
- https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js#L6
- https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6
- https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
Affected packages
RubyGems / sidekiq
Package
- Name
- sidekiq
- Purl
- pkg:gem/sidekiq
RubyGems / sidekiq
Package
- Name
- sidekiq
- Purl
- pkg:gem/sidekiq
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.5.10
Affected versions
0.*
0.5.0
0.5.1
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
1.*
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.9.0
2.10.0
2.10.1
2.11.0
2.11.1
2.11.2
2.12.0
2.12.1
2.12.3
2.12.4
2.13.0
2.13.1
2.14.0
2.14.1
2.15.0
2.15.1
2.15.2
2.16.0
2.16.1
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.17.8
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
4.*
4.0.0.pre1
4.0.0.pre2
4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.2.10
5.*
5.0.0.beta1
5.0.0.beta2
5.0.0.beta3
5.0.0.rc1
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.2.10
6.*
6.0.0.pre1
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.1.0
6.1.1
6.1.2
6.1.3
6.2.0
6.2.1
6.2.2
6.3.0
6.3.1
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.5.5
6.5.6
6.5.7
6.5.8
6.5.9