CVE-2023-26141

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-26141
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26141.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-26141
Aliases
Related
Published
2023-09-14T05:15:11Z
Modified
2025-02-19T03:30:48.351534Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

References

Affected packages

Debian:11 / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/debian/ruby-sidekiq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.4+dfsg-2
6.2.1+dfsg-1
6.3.1+dfsg-1
6.4.1+dfsg-1
6.5.7+dfsg3-1
6.5.7+dfsg3-2
6.5.7+dfsg3-3
6.5.10+dfsg-1
6.5.12+dfsg-1

7.*

7.2.1+dfsg-1
7.2.1+dfsg-2
7.3.2+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/debian/ruby-sidekiq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.1+dfsg-1
6.5.7+dfsg3-1
6.5.7+dfsg3-2
6.5.7+dfsg3-3
6.5.10+dfsg-1
6.5.12+dfsg-1

7.*

7.2.1+dfsg-1
7.2.1+dfsg-2
7.3.2+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-sidekiq

Package

Name
ruby-sidekiq
Purl
pkg:deb/debian/ruby-sidekiq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.2.1+dfsg-2

Affected versions

6.*

6.4.1+dfsg-1
6.5.7+dfsg3-1
6.5.7+dfsg3-2
6.5.7+dfsg3-3
6.5.10+dfsg-1
6.5.12+dfsg-1

7.*

7.2.1+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/mperham/sidekiq

Affected ranges

Type
GIT
Repo
https://github.com/mperham/sidekiq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f67a7abccffc9337f144e7be96bb1ed4b0fee49a
Type
GIT
Repo
https://github.com/sidekiq/sidekiq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
62c90d7c5a7d8a378d79909859d87c2e0702bf89
Fixed
62c90d7c5a7d8a378d79909859d87c2e0702bf89

Affected versions

Other

7-0
list

v0.*

v0.10.0
v0.5.0
v0.5.1
v0.7.0
v0.8.0

v1.*

v1.0.0
v1.1.0
v1.1.1
v1.1.4
v1.2.0
v1.2.1

v2.*

v2.0.0
v2.0.1
v2.0.3
v2.1.0
v2.10.0
v2.11.0
v2.11.1
v2.11.2
v2.12.0
v2.12.1
v2.12.3
v2.12.4
v2.13.0
v2.13.1
v2.14.0
v2.14.1
v2.15.2
v2.16.1
v2.17.0
v2.17.1
v2.17.2
v2.17.4
v2.17.7
v2.2.1
v2.3.2
v2.3.3
v2.4.0
v2.5.0
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.8.0

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.4.0
v3.4.1
v3.4.2
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4

v4.*

v4.0.0
v4.0.0.pre1
v4.0.0.pre2
v4.0.1
v4.0.2
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.2.0
v4.2.1
v4.2.10
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9

v5.*

v5.0.0
v5.0.0.beta1
v5.0.0.beta2
v5.0.0.beta3
v5.0.0.rc1
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7

v6.*

v6.0.0
v6.0.0.pre1
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.4.1
v6.4.2
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.7
v6.5.8
v6.5.9

v7.*

v7.0.0
v7.0.0.beta1
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.1.0
v7.1.1
v7.1.2