Vulnerabilities > Contribsys

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-09-20 | CVE-2023-37279 | Allocation of Resources Without Limits or Throttling vulnerability in Contribsys Faktory | Faktory is a language-agnostic persistent background job server. | network; low complexity; contribsys; CWE-770 | 7.5 |
| 2023-09-14 | CVE-2023-26141 | Insufficient Verification of Data Authenticity vulnerability in Contribsys Sidekiq | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. | network; low complexity; contribsys; CWE-345 | 4.9 |
| 2023-04-21 | CVE-2023-1892 | Cross-site Scripting vulnerability in Contribsys Sidekiq 7.0.4 | Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. | network; low complexity; contribsys; CWE-79 | critical 9.6 |
| 2022-01-21 | CVE-2022-23837 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. | network; low complexity; contribsys; debian; CWE-770 | 7.5 |
| 2021-04-06 | CVE-2021-30151 | Cross-site Scripting vulnerability in multiple products | Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | network; low complexity; contribsys; debian; CWE-79 | 6.1 |