GHSA-3qc2-v3hp-6cv8

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-3qc2-v3hp-6cv8/GHSA-3qc2-v3hp-6cv8.json
Aliases
  • CVE-2023-26141
Published
2023-09-14T06:30:19Z
Modified
2023-09-14T19:49:48.976158Z
Details

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests.

Affected packages

RubyGems / sidekiq

Source Details

Package Name
sidekiq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
7.1.3

Affected versions

0.*

0.5.0
0.5.1
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2

1.*

1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.9.0
2.10.0
2.10.1
2.11.0
2.11.1
2.11.2
2.12.0
2.12.1
2.12.3
2.12.4
2.13.0
2.13.1
2.14.0
2.14.1
2.15.0
2.15.1
2.15.2
2.16.0
2.16.1
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.17.8

3.*

3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4

4.*

4.0.0.pre1
4.0.0.pre2
4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.2.10

5.*

5.0.0.beta1
5.0.0.beta2
5.0.0.beta3
5.0.0.rc1
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.2.10

6.*

6.0.0.pre1
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.1.0
6.1.1
6.1.2
6.1.3
6.2.0
6.2.1
6.2.2
6.3.0
6.3.1
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.5.5
6.5.6
6.5.7
6.5.8
6.5.9

7.*

7.0.0.beta1
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.0.9
7.1.0
7.1.1
7.1.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}