In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
References
Link | Resource
---|---
https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md | Exploit, Third Party Advisory
https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 | Patch, Third Party Advisory
https://github.com/rubysec/ruby-advisory-db/pull/495 | Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html | Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html |
Configurations
History
13 Mar 2023, 00:15
Type | Values Removed | Values Added
---|---|---
References | |
25 Apr 2022, 17:22
Type | Values Removed | Values Added
---|---|---
First Time | | Debian; Debian debian Linux
CPE | | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References | | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html - Mailing List, Third Party Advisory
10 Mar 2022, 22:15
Type | Values Removed | Values Added
---|---|---
References | |
14 Feb 2022, 14:58
Type | Values Removed | Values Added
---|---|---
References | | (MISC) https://github.com/rubysec/ruby-advisory-db/pull/495 - Patch, Third Party Advisory
07 Feb 2022, 16:16
Type | Values Removed | Values Added
---|---|---
Summary | | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
References | |
28 Jan 2022, 02:32
Type | Values Removed | Values Added
---|---|---
References | | (MISC) https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md - Exploit, Third Party Advisory
References | | (MISC) https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 - Patch, Third Party Advisory
CWE | | CWE-770
CPE | | cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*
CVSS | v2 : (none), v3 : (none) | v2 : 5.0, v3 : 7.5
First Time | | Contribsys; Contribsys sidekiq
21 Jan 2022, 21:15
Type | Values Removed | Values Added
---|---|---
New CVE | |
Information
Published : 2022-01-21 21:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-23837
Mitre link : CVE-2022-23837
CVE.ORG link : CVE-2022-23837
Products Affected
debian
- debian_linux
contribsys
- sidekiq
CWE
CWE-770
Allocation of Resources Without Limits or Throttling