Insufficient Verification of Data Authenticity
CVE-2023-26141
Summary
Versions of the package sidekiq through 6.5.9 and 7.x through 7.1.2 are vulnerable to Denial of Service (DoS) due to insufficient checks in the "dashboard-charts.js" file. An attacker can exploit this vulnerability by manipulating the "localStorage" value, which causes excessive polling requests.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- HIGH
- NONE
- HIGH
CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
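The kind of check the summary describes as missing, shown as an added example (not Sidekiq's code or its patch): a polling interval read from localStorage without validation, beside a version that validates and clamps it. The storage key, default and bounds are assumptions chosen for illustration.

```javascript
// Added example. STORAGE_KEY, the default and the bounds are assumptions,
// not values taken from Sidekiq or from the advisory.
const STORAGE_KEY = "pollIntervalMs"; // hypothetical key name
const DEFAULT_INTERVAL_MS = 5000;
const MIN_INTERVAL_MS = 2000;
const MAX_INTERVAL_MS = 60000;

// Unchecked pattern: whatever parses as a number becomes the timer delay,
// so a stored "1" or "-1" turns into back-to-back polling requests.
function readIntervalUnchecked(storage) {
  return parseInt(storage.getItem(STORAGE_KEY), 10) || DEFAULT_INTERVAL_MS;
}

// Checked pattern: treat the stored value as untrusted input.
// Accept only a plain decimal integer, then clamp it to a sane range.
function readIntervalChecked(storage) {
  let raw;
  try {
    raw = storage.getItem(STORAGE_KEY);
  } catch (e) {
    return DEFAULT_INTERVAL_MS; // storage disabled or inaccessible
  }
  if (typeof raw !== "string" || !/^\d{1,9}$/.test(raw.trim())) {
    return DEFAULT_INTERVAL_MS; // missing, signed, fractional, exponent, text
  }
  return Math.min(MAX_INTERVAL_MS, Math.max(MIN_INTERVAL_MS, Number(raw.trim())));
}

// In-memory stand-in for window.localStorage so the example runs in Node.
function fakeStorage(value) {
  return { getItem: (k) => (k === STORAGE_KEY && value !== undefined ? value : null) };
}

// Constructed sample values, not taken from any real report.
const SAMPLES = ["5000", "1", "-1", "0.001", "1e9", "abc", undefined, "99999999"];

function compare() {
  return SAMPLES.map((v) => ({
    stored: v,
    unchecked: readIntervalUnchecked(fakeStorage(v)),
    checked: readIntervalChecked(fakeStorage(v)),
  }));
}

console.table(compare());
```

A bound enforced in the page script only constrains clients that run that script unmodified, so rate limiting on the polled endpoint is the complementary server-side control.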