CVE-2023-26141 – sidekiq: DoS in dashboard-charts
https://notcve.org/view.php?id=CVE-2023-26141
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. Las versiones del paquete sidekiq anteriores a la 7.1.3 son vulnerables a la Denegación de Servicio (DoS) debido a comprobaciones insuficientes en el archivo dashboard-charts.js. Un atacante puede aprovechar esta vulnerabilidad manipulando el valor de localStorage, lo que provocará peticiones excesivas. A denial of service vulnerability was found in Sidekiq. • https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6 https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89 https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107 https://access.redhat.com/security/cve/CVE-2023-26141 https://bugzilla.redhat.com/show_bug.cgi?id=2239010 • CWE-345: Insufficient Verification of Data Authenticity CWE-400: Uncontrolled Resource Consumption •
CVE-2023-1892 – Cross-site Scripting (XSS) - Reflected in sidekiq/sidekiq
https://notcve.org/view.php?id=CVE-2023-1892
Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. • https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214 https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •