CVE-2022-23837 — Allocation of Resources Without Limits or Throttling in Sidekiq

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-400 — Uncontrolled Resource Consumption8 documents6 sources

Severity

7.5HIGHNVD

OSV6.1

EPSS

0.8%

top 25.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contribsys Sidekiq Debian Ruby-sidekiq Debian Linux

Timeline

PublishedJan 21

Latest updateAug 14

Description

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcontribsys/sidekiq6.0.0 — 6.4.0+1

▶RubyGemscontribsys/sidekiq6.0.0 — 6.4.0+1

▶debiandebian/ruby-sidekiq< ruby-sidekiq 6.4.1+dfsg-1 (bookworm)

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

ruby-sidekiq vulnerabilities↗2025-08-14

▶

GHSA

Denial of service in sidekiq↗2022-01-27

▶

OSV

Denial of service in sidekiq↗2022-01-27

▶

OSV

CVE-2022-23837: In api↗2022-01-21

▶

📋Vendor Advisories

Ubuntu

Sidekiq vulnerabilities↗2025-08-14

▶

Red Hat

sidekiq: WebUI Denial of Service caused by number of days on graph↗2022-01-22

▶

Debian

CVE-2022-23837: ruby-sidekiq - In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of...↗2022

▶