CVE-2022-23837
N/A
N/A
Summary
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
- https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
- https://github.com/rubysec/ruby-advisory-db/pull/495
- https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
- https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html
References
- https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
- https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
- https://github.com/rubysec/ruby-advisory-db/pull/495
- https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
- https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.