CVE-2022-23837

Published: Jan 21, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md

https://github.com/rubysec/ruby-advisory-db/pull/495

[debian-lts-announce] 20220310 [SECURITY] [DLA 2943-1] ruby-sidekiq security update

mailing-list

[debian-lts-announce] 20230312 [SECURITY] [DLA 3360-1] ruby-sidekiq security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-23837

Description

Affected Products

References