
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

14 Sep 2023 — Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. • https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a • CWE-345: Insufficient Verification of Data Authenticity • CWE-400: Uncontrolled Resource Consumption

CVSS: 10.0 • EPSS: 65% • CPEs: 1 • EXPL: 1

05 Apr 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. • https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')