CVE-2023-26141
Severity: MEDIUM 5.7 | EPSS 0.45%
sidekiq Denial of Service vulnerability
Published: 9/14/2023 | Modified: 12/14/2025
Description
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this by manipulating the localStorage value, causing the dashboard to issue excessive polling requests.
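Added example, not code from the Sidekiq project or from the advisory: a JavaScript sketch of the bug class the description names, a dashboard that takes its polling interval from localStorage as-is, beside a hardened reader that validates and clamps the value. The storage key name, the default interval, the bounds and the 4 ms timer floor are assumptions for the illustration.

```javascript
// Illustration of the CVE-2023-26141 bug class; NOT Sidekiq's own code.
const POLL_KEY = "pollInterval";    // assumed localStorage key
const DEFAULT_INTERVAL_MS = 5000;   // assumed default refresh interval
const MIN_INTERVAL_MS = 1000;       // assumed floor the server should tolerate
const MAX_INTERVAL_MS = 60000;      // assumed ceiling

// Tiny stand-in for window.localStorage so the example runs outside a browser.
function fakeStorage(entries) {
  const m = new Map(Object.entries(entries));
  return { getItem: (k) => (m.has(k) ? m.get(k) : null) };
}

// Vulnerable pattern: whatever is stored becomes the timer delay. Anything that
// can write to the page's localStorage can set "0", "1" or "abc" (NaN), and the
// dashboard will then refresh as fast as the browser allows.
function unsafePollInterval(storage) {
  const raw = storage.getItem(POLL_KEY);
  return raw === null ? DEFAULT_INTERVAL_MS : parseInt(raw, 10);
}

// Hardened pattern: treat the stored value as untrusted input. Accept only a
// short run of digits, then clamp into [MIN, MAX]; anything else falls back.
function safePollInterval(storage) {
  const raw = storage.getItem(POLL_KEY);
  if (raw === null || !/^\d{1,7}$/.test(raw)) return DEFAULT_INTERVAL_MS;
  const n = Number(raw);
  return Math.min(MAX_INTERVAL_MS, Math.max(MIN_INTERVAL_MS, n));
}

// Upper bound on dashboard requests per minute for a given timer delay. A
// non-positive or NaN delay is run at the browser's minimum timer granularity
// (assumed 4 ms here), which is what turns the unchecked value into a DoS.
function maxRequestsPerMinute(intervalMs) {
  const effective = Number.isFinite(intervalMs) && intervalMs > 0 ? intervalMs : 4;
  return Math.floor(60000 / effective);
}

// Stand-alone demo over a few constructed stored values.
for (const v of ["0", "1", "abc", "250", "5000", "120000"]) {
  const s = fakeStorage({ [POLL_KEY]: v });
  const unsafe = unsafePollInterval(s);
  const safe = safePollInterval(s);
  console.log(`stored=${v} unsafe=${unsafe} (${maxRequestsPerMinute(unsafe)}/min)`
    + ` safe=${safe} (${maxRequestsPerMinute(safe)}/min)`);
}
```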
Affected packages (2)
- Debian/ruby-sidekiq: from 0
- RubyGems/sidekiq: >= 7.0.0, < 7.1.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-26141
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2023-26141
- PATCH: https://github.com/sidekiq/sidekiq
- WEB: https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a
- WEB: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sidekiq/CVE-2023-26141.yml
- WEB: https://github.com/sidekiq/sidekiq/blob/6-x/Changes.md#6510
- WEB: https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js#L6
- WEB: https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89
- WEB: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107