7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
sidekiq is vulnerable to denial of service. The library does not properly validate the days
parameter when requesting stats for the graph, allowing an attacker to cause an application crash.
github.com/advisories/GHSA-jrfj-98qg-qjgv
github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
github.com/rubysec/ruby-advisory-db/pull/495
github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
lists.debian.org/debian-lts-announce/2022/03/msg00015.html
lists.debian.org/debian-lts-announce/2023/03/msg00011.html
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P