{"id":"CVE-2023-26141","details":"Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.","aliases":["GHSA-3qc2-v3hp-6cv8"],"modified":"2026-05-19T11:55:49.091192175Z","published":"2023-09-14T05:00:00.986Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26141.json","cna_assigner":"snyk","cwe_ids":["CWE-400"]},"references":[{"type":"WEB","url":"https://gist.github.com/keeganparr1/1dffd3c017339b7ed5371ed3d81e6b2a"},{"type":"WEB","url":"https://github.com/sidekiq/sidekiq/blob/6-x/web/assets/javascripts/dashboard.js%23L6"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26141.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26141"},{"type":"FIX","url":"https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sidekiq/sidekiq","events":[{"introduced":"2e910db47bfcee814fe094156736b2e0dc5ebbd7"},{"fixed":"cb2c974f3db3a7c546ac86d6e187a00ae81cd665"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26141.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"}]}