Candidate: CVE-2022-23837
PublicDate: 2022-01-21 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23837
 https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
 https://github.com/TUTUMSPACE/exploits/blob/main/sidekiq.md
Description:
 In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the
 number of days when requesting stats for the graph. This overloads the
 system, affecting the Web UI, and makes it unavailable to users.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_ruby-sidekiq:
upstream_ruby-sidekiq: needs-triage
trusty_ruby-sidekiq: ignored (out of standard support)
xenial_ruby-sidekiq: ignored (out of standard support)
bionic_ruby-sidekiq: needs-triage
focal_ruby-sidekiq: needs-triage
impish_ruby-sidekiq: needs-triage
jammy_ruby-sidekiq: needs-triage
devel_ruby-sidekiq: needs-triage
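The weakness described above is a resource-exhaustion pattern: a caller-controlled day count drives a per-day Redis lookup loop with no upper bound, so one unauthenticated request to the dashboard stats endpoint can demand an arbitrary amount of work. The Ruby below is an added illustration of that pattern and of the fail-closed check that removes it; it is not Sidekiq's own code and not the code in the referenced commit. The in-memory SAMPLE_STATS hash, the "stat:processed:YYYY-MM-DD" key shape, the fixed start date, MAX_DAYS and both method names are assumptions made for the example.

```ruby
require "date"

# Constructed stand-in for the per-day stat keys a job system keeps in Redis.
# Only ten days are populated; any other date reads back as 0.
SAMPLE_STATS = (0...10).to_h do |i|
  ["stat:processed:#{Date.new(2022, 1, 21) - i}", 100 + i]
end

# One "round trip" per requested day. In the real system this is a Redis
# call; here it is a hash lookup, but the cost model (work proportional to
# the requested day count) is the same.
def fetch_day(key, store)
  store.fetch(key, 0)
end

# Vulnerable shape: the requested day count is used as given. A request for
# days=1000000000 makes this loop a billion times before the page renders.
def history_unbounded(days, start_date: Date.new(2022, 1, 21), store: SAMPLE_STATS)
  (0...days).map do |i|
    date = start_date - i
    [date.to_s, fetch_day("stat:processed:#{date}", store)]
  end.to_h
end

# Assumed ceiling: there is no reason to graph more history than the
# retention window, so anything beyond it is rejected rather than served.
MAX_DAYS = 5 * 365

# Hardened shape: coerce the (string) query parameter strictly with
# Integer(), then reject anything outside 1..MAX_DAYS before doing any work.
# Integer("1e9") and Integer("abc") raise, so no lenient to_i surprises.
def history_bounded(days, start_date: Date.new(2022, 1, 21), store: SAMPLE_STATS)
  days = Integer(days)
  unless (1..MAX_DAYS).cover?(days)
    raise ArgumentError, "days must be between 1 and #{MAX_DAYS}, got #{days}"
  end
  history_unbounded(days, start_date: start_date, store: store)
end

if __FILE__ == $PROGRAM_NAME
  p history_bounded("7")
  begin
    history_bounded("1000000000")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Rejecting out-of-range input (rather than silently clamping it) is the safer default for an endpoint that is reachable without authentication: a clamp still lets every request cost MAX_DAYS lookups, while a rejection costs nothing. For deployments that cannot upgrade immediately, the only check this example implies is the one in the handler itself; the tracker's Mitigation field above is empty and nothing here should be read as a vendor-recommended workaround.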