High severityNVD Advisory· Published Jan 21, 2022· Updated Aug 3, 2024
CVE-2022-23837
CVE-2022-23837
Description
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sidekiqRubyGems | >= 6.0.0, < 6.4.0 | 6.4.0 |
sidekiqRubyGems | < 5.2.10 | 5.2.10 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-jrfj-98qg-qjgvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23837ghsaADVISORY
- github.com/TUTUMSPACE/exploits/blob/main/sidekiq.mdghsaWEB
- github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956ghsaWEB
- github.com/rubysec/ruby-advisory-db/pull/495ghsaWEB
- lists.debian.org/debian-lts-announce/2022/03/msg00015.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2023/03/msg00011.htmlmitremailing-list
News mentions
0No linked articles in our index yet.