Bug 2239010 (CVE-2023-26141) - CVE-2023-26141 sidekiq: DoS in dashboard-charts
Summary: CVE-2023-26141 sidekiq: DoS in dashboard-charts
Status: NEW
Alias: CVE-2023-26141
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2239011
Blocks: 2239009
TreeView+ depends on / blocked
Reported: 2023-09-14 19:03 UTC by Chess Hazlett
Modified: 2023-11-13 17:50 UTC (History)
14 users (show)

Fixed In Version: sidekiq 7.1.3
Doc Type: If docs needed, set a value
Doc Text:
A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Chess Hazlett 2023-09-14 19:03:13 UTC
Versions of the ruby package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

Note You need to log in before you can comment on or make changes to this bug.