Exploit Report

Computer Security And Bug Information

CVE-2023-26141

CVE: CVE-2023-26141
CVE Title:
Published Date: 2023-09-14T05:15Z
Modified Date: 2023-09-20T18:53Z
CWE Type: CWE-345
CVSS 3.x: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Description: Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
References
MISC: https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a
MISC: https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6
MISC: https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89
MISC: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
Tags: Exploit
Sources: NIST, MITRE
