GHSA-jrfj-98qg-qjgv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jrfj-98qg-qjgv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-jrfj-98qg-qjgv/GHSA-jrfj-98qg-qjgv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jrfj-98qg-qjgv
- Aliases
- Published
- 2022-01-27T14:42:37Z
- Modified
- 2023-11-01T05:30:43.169537Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of service in sidekiq
- Details
-
In
api.rbin Sidekiq before 6.4.0 and 5.2.10, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. - References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-23837
- https://github.com/rubysec/ruby-advisory-db/pull/495
- https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
- https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
- https://github.com/mperham/sidekiq
- https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
Affected packages
RubyGems / sidekiq
Package
- Name
- sidekiq
- Purl
- pkg:gem/sidekiq
RubyGems / sidekiq
Package
- Name
- sidekiq
- Purl
- pkg:gem/sidekiq
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.10
Affected versions
0.*
0.5.0
0.5.1
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
1.*
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.9.0
2.10.0
2.10.1
2.11.0
2.11.1
2.11.2
2.12.0
2.12.1
2.12.3
2.12.4
2.13.0
2.13.1
2.14.0
2.14.1
2.15.0
2.15.1
2.15.2
2.16.0
2.16.1
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.17.8
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
4.*
4.0.0.pre1
4.0.0.pre2
4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.2.10
5.*
5.0.0.beta1
5.0.0.beta2
5.0.0.beta3
5.0.0.rc1
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9