CVE-2022-23837

Name: CVE-2022-23837
Description: In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References: DLA-2943-1
Debian Bugs: 1004193

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release        Version        Status
ruby-sidekiq (PTS)  buster         5.2.3+dfsg-1   vulnerable
ruby-sidekiq (PTS)  bullseye       6.0.4+dfsg-2   vulnerable
ruby-sidekiq (PTS)  bookworm, sid  6.4.1+dfsg-1   vulnerable

The information below is based on the following data on fixed versions.

Package       Type    Release     Fixed Version         Urgency  Origin      Debian Bugs
ruby-sidekiq  source  stretch     4.2.3+dfsg-1+deb9u1   -        DLA-2943-1  -
ruby-sidekiq  source  (unstable)  (unfixed)             -        -           1004193

Notes

https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
