Denial of service in sidekiq

GHSA-jrfj-98qg-qjgv · CVE-2022-23837

Published Jan 27, 2022 · Modified Nov 8, 2023

Description

In api.rb in Sidekiq before 6.4.0 and 5.2.10, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-23837
WEB https://github.com/rubysec/ruby-advisory-db/pull/495
WEB https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
WEB https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
PACKAGE https://github.com/mperham/sidekiq
WEB https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes