Insufficient Verification of Data Authenticity

CVE-2023-26141

Severity Medium
Score 4.9/10

Summary

Versions of the package sidekiq through 6.5.9 and 7.x through 7.1.2 are vulnerable to Denial of Service (DoS) due to insufficient checks in the "dashboard-charts.js" file. An attacker can exploit this vulnerability by manipulating the "localStorage" value, which will cause excessive polling requests.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • HIGH
  • NONE
  • HIGH

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
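
The failure mode in the Summary and the CWE-345 description above, as an added example that is not Sidekiq's own code: a polling delay read from browser storage and used unchecked, beside a form that validates and clamps it. The key name, default and bounds are assumptions, and a stub object stands in for `localStorage` so the block runs under Node.

```javascript
// Added example; STORAGE_KEY, DEFAULT_MS, MIN_MS and MAX_MS are hypothetical.
const STORAGE_KEY = "pollIntervalMs";
const DEFAULT_MS = 5000;
const MIN_MS = 2000;
const MAX_MS = 60000;

// Unchecked form: whatever the storage holds becomes the timer delay.
function readIntervalUnchecked(storage) {
  return parseInt(storage.getItem(STORAGE_KEY), 10) || DEFAULT_MS;
}

// Hardened form: the stored value is untrusted input.
function readIntervalChecked(storage) {
  const raw = storage.getItem(STORAGE_KEY);
  // Accept plain decimal digits only; rejects null, "-20", "1e3", "0x10", " 7".
  if (typeof raw !== "string" || !/^\d{1,9}$/.test(raw)) return DEFAULT_MS;
  // Clamp so no stored value can push the poller outside the allowed range.
  return Math.min(MAX_MS, Math.max(MIN_MS, Number(raw)));
}

// Estimated requests per minute for a delay; delays under 1 ms count as 1 ms here.
function requestsPerMinute(ms) {
  return Math.floor(60000 / Math.max(ms, 1));
}

// Stub with the same getItem contract as localStorage (null when the key is absent).
function fakeStorage(value) {
  return { getItem: (key) => (key === STORAGE_KEY ? value : null) };
}

// Constructed sample values, not taken from a real browser profile.
const samples = ["5000", "1", "-20", "abc", null, "999999999"];

function compare(values) {
  return values.map((value) => {
    const unchecked = readIntervalUnchecked(fakeStorage(value));
    const checked = readIntervalChecked(fakeStorage(value));
    return {
      stored: value,
      uncheckedMs: unchecked,
      uncheckedPerMin: requestsPerMinute(unchecked),
      checkedMs: checked,
      checkedPerMin: requestsPerMinute(checked),
    };
  });
}

console.table(compare(samples));
```

The same bounds are worth enforcing wherever the value is written as well as where it is read, and server-side rate limiting on the polled endpoint covers clients that skip the check entirely.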

Advisory Timeline

  • Published