Vulnerability Description
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contribsys | Sidekiq | < 5.2.10 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.mdExploitThird Party Advisory
- https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d9PatchThird Party Advisory
- https://github.com/rubysec/ruby-advisory-db/pull/495PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/03/msg00015.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html
- https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.mdExploitThird Party Advisory
- https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d9PatchThird Party Advisory
- https://github.com/rubysec/ruby-advisory-db/pull/495PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/03/msg00015.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html
FAQ
What is CVE-2022-23837?
CVE-2022-23837 is a vulnerability with a CVSS score of 7.5 (HIGH). In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to ...
How severe is CVE-2022-23837?
CVE-2022-23837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23837?
Check the references section above for vendor advisories and patch information. Affected products include: Contribsys Sidekiq, Debian Debian Linux.