[DRE-maint] Bug#1059300: ruby-sidekiq: CVE-2023-26141
Moritz Mühlenhoff
jmm at inutil.org
Fri Dec 22 13:06:04 GMT 2023
Source: ruby-sidekiq
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sidekiq.
CVE-2023-26141[0]:
| Versions of the package sidekiq before 7.1.3 are vulnerable to
| Denial of Service (DoS) due to insufficient checks in the dashboard-
| charts.js file. An attacker can exploit this vulnerability by
| manipulating the localStorage value which will cause excessive
| polling requests.
https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89 (v7.1.3)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-26141
https://www.cve.org/CVERecord?id=CVE-2023-26141
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-ruby-extras-maintainers
mailing list