CVE-2023-26141
Published: 2023-09-14
Priority: P4 21
Severity: medium, 4.9 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.75% (50.3rd percentile)
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contribsys | sidekiq | < 7.1.3 | 7.1.3 |
| contribsys | sidekiq | < 6.5.10 | 6.5.10 |
| contribsys | sidekiq | >= 0 < 6.5.10 | 6.5.10 |
| contribsys | sidekiq | >= 7.0 < 7.1.3 | 7.1.3 |
| contribsys | sidekiq | >= 7.0.0 < 7.1.3 | 7.1.3 |
| debian | ruby-sidekiq | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |
OSV · CVE-2023-27530 · ruby-rack vulnerabilities · 2024-06-17 · CVSS 7.5
It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-27530)
It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. (CVE-2024-25126)
It was discovered that Rack incorrectly handled certain Range headers. A remote attacker could possibly use this issue to cause Rack to create large responses, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-26141)
It was discovered that Rack incorrectly handled certain crafted headers.
OSV · CVE-2023-27539 · ruby-rack vulnerabilities · 2024-03-12 · CVSS 5.3
It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-27539, CVE-2024-26141, CVE-2024-26146)
GHSA · CVE-2023-26141 [MEDIUM] · CWE-345 · sidekiq Denial of Service vulnerability · 2023-09-14
Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
OSV · CVE-2023-26141 [MEDIUM] · 2023-09-14 · CVSS 4.9
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
OSV · CVE-2023-26141 [MEDIUM] · sidekiq Denial of Service vulnerability · 2023-09-14
Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Red Hat · CVE-2023-26141 [HIGH] · CWE-400 · sidekiq: DoS in dashboard-charts · 2023-09-14 · CVSS 7.5
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests.
Package: 3scale-amp-system-container (Red Hat 3scale API Management Platform 2) - Affected
Debian · CVE-2023-26141 [HIGH] · ruby-sidekiq · 2023 · CVSS 7.5
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Scope: local
Release status: bookworm, bullseye, forky, sid, trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a
https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js#L6
https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89
https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107