CVE-2022-23837

Опубликовано: 21 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

Ссылки

https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
Exploit
Third Party Advisory
https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
Patch
Third Party Advisory
https://github.com/rubysec/ruby-advisory-db/pull/495
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html
https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
Exploit
Third Party Advisory
https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
Patch
Third Party Advisory
https://github.com/rubysec/ruby-advisory-db/pull/495
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*

Версия до 5.2.10 (исключая)

cpe:2.3:a:contribsys:sidekiq:*:*:*:*:*:*:*:*

Версия от 6.0.0 (включая) до 6.4.0 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.006

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

CVE-2022-23837

CVSS3: 7.5

ubuntu

около 4 лет назад

CVE-2022-23837

CVSS3: 7.5

redhat

около 4 лет назад

CVE-2022-23837

CVSS3: 7.5

debian

около 4 лет назад

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...

GHSA-jrfj-98qg-qjgv

CVSS3: 7.5

github

около 4 лет назад

Denial of service in sidekiq

EPSS

Процентиль: 69%

0.006

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770