OSV:GHSA-R8XX-8VM8-X6WJ (Google osv.dev)
History: Dec 18, 2023 - 7:34 p.m.

Resque vulnerable to Reflected Cross Site Scripting through pathnames

2023-12-18 19:34:14
Google
osv.dev
resque
vulnerability
reflected xss
security patch
web interface

CVSS3: 6.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

AI Score: 6.1 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.8%)

Impact

resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint.
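The pattern behind this class of bug, and its fix, as an added illustration that is not resque-web's own code: a path segment (called current_queue here, as in the advisory) is interpolated into HTML. The unsafe helper reflects the raw value; the hardened helper escapes it with Ruby's stdlib CGI.escapeHTML. The allowlist check is an assumption added for defence in depth, and KNOWN_QUEUES is a constructed stand-in for the queue list resque-web would read from Redis; neither is presented as what the project shipped in v2.1.0.

```ruby
require "cgi"

# Added example, not resque-web's own code. A minimal view helper that renders
# a queue name taken from a URL path segment into an HTML heading.

# Unsafe pattern: the raw path parameter is interpolated into markup, so any
# markup-significant characters in the URL are reflected into the page as-is.
def render_queue_heading_unsafe(current_queue)
  "<h1>Queue: #{current_queue}</h1>"
end

# Hardened pattern: HTML-escape the parameter before interpolation.
# CGI.escapeHTML (Ruby stdlib) encodes &, <, >, " and ' as entities, so the
# value is rendered as text rather than parsed as markup.
def render_queue_heading_safe(current_queue)
  "<h1>Queue: #{CGI.escapeHTML(current_queue.to_s)}</h1>"
end

# Defence in depth (assumption, not the project's fix): accept only queue names
# that actually exist. KNOWN_QUEUES is a constructed stand-in for the names
# resque-web would read from Redis.
KNOWN_QUEUES = %w[default mailers exports].freeze

def resolve_queue(current_queue, known = KNOWN_QUEUES)
  known.include?(current_queue) ? current_queue : nil
end

# Renders the page for a queue path segment: unknown names get a fixed 404
# body that does not echo the input at all; known names are still escaped on
# output, so the allowlist is not the only line of defence.
def queues_page(current_queue)
  queue = resolve_queue(current_queue)
  return [404, "<h1>Queue not found</h1>"] if queue.nil?
  [200, render_queue_heading_safe(queue)]
end

if $PROGRAM_NAME == __FILE__
  sample = "<b>x</b>" # constructed input containing markup characters
  puts render_queue_heading_unsafe(sample)
  puts render_queue_heading_safe(sample)
  p queues_page("mailers")
  p queues_page(sample)
end
```

The escaping helper is the fix that matters for reflected XSS; the allowlist only reduces how much attacker-controlled text reaches the template at all.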

Patches

v2.1.0

Workarounds

No known workarounds at this time. Until you have patched your application, it is recommended not to follow third-party or untrusted links to the resque-web interface.

References

https://github.com/resque/resque/issues/1679
https://github.com/resque/resque/pull/1687
