CVE-2022-23837

high

Description

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

References

Advisories
More

https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html

https://github.com/rubysec/ruby-advisory-db/pull/495

https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html

https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md

Details

Source: Mitre, NVD

Published: 2022-01-21

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00294

Detections

Analytics