Vulnerabilities > CVE-2023-50724 - Unspecified vulnerability in Resque
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.
Vulnerable Configurations
References
- https://github.com/resque/resque/issues/1679
- https://github.com/resque/resque/issues/1679
- https://github.com/resque/resque/pull/1687
- https://github.com/resque/resque/pull/1687
- https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj
- https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj