DEBIAN-CVE-2022-23837

DEBIAN-CVE-2022-23837 PUBLISHED CVSS 7.5 HIGH

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor | Product | Versions
Debian:12 | ruby-sidekiq | 0, 0, 0
Debian:13 | ruby-sidekiq | 0, 0, 0
Debian:11 | ruby-sidekiq | 6.0.4+dfsg-2, 0, 6.0.4+dfsg-2
Debian:14 | ruby-sidekiq | 0, 0, 0

Timeline

  • Jan 21, 2022 CVE Published
  • Apr 28, 2026 CVE Updated