ADVISORIES

• CVE-2023-50724 (NVD)
• GHSA-r8xx-8vm8-x6wj
• Vendor Advisory

GEM

resque

SEVERITY

CVSS v3.x: 6.3 (Medium)

PATCHED VERSIONS

• >= 2.1.0

DESCRIPTION

Impact

resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint.

Patches

v2.1.0

Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

References

https://github.com/resque/resque/issues/1679 https://github.com/resque/resque/pull/1687

RELATED

• https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj
• https://github.com/resque/resque/issues/1679
• https://github.com/resque/resque/pull/1687
• https://github.com/resque/resque/commit/e8e2367fff6990d13109ec2483a456a05fbf9811
• https://github.com/advisories/GHSA-r8xx-8vm8-x6wj