GHSA Sync: Added 1 brand new advisory
jasnow authored and postmodern committed Sep 16, 2023
1 parent 9ddb069 commit 2e93e5b
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions gems/sidekiq/CVE-2023-26141.yml
@@ -0,0 +1,24 @@
---
gem: sidekiq
cve: 2023-26141
ghsa: 3qc2-v3hp-6cv8
url: https://github.com/sidekiq/sidekiq/blob/main/Changes.md#713
title: sidekiq Denial of Service vulnerability
date: 2023-09-14
description: |
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial
of Service (DoS) due to insufficient checks in the dashboard-charts.js
file. An attacker can exploit this vulnerability by manipulating the
localStorage value which will cause excessive polling requests.
cvss_v3: 7.5
patched_versions:
- ">= 7.1.3"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2023-26141
- https://github.com/sidekiq/sidekiq/blob/main/Changes.md#713
- https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89
- https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a
- https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
- https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js#L6
- https://github.com/advisories/GHSA-3qc2-v3hp-6cv8
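Review bot: the `description` names `dashboard-charts.js` as the affected file, but the only source link under `related` points at `web/assets/javascripts/dashboard.js#L6` on the `6-x` branch, and the Changes.md anchor is the 7.1.3 entry; use the file name that matches the linked fix commit (62c90d7c) consistently so the advisory can be cross-checked against the patch. Also, `patched_versions: - ">= 7.1.3"` with no `unaffected_versions` marks every 6.x release as vulnerable; given that the 6-x branch is linked, confirm whether the 6.x series is affected and, if it is not, add an `unaffected_versions` entry (or a 6.x patched release if one exists).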
