Description
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in Resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.
References
- Exploit, Issue Tracking, Mitigation, Third Party Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.1.0 (excluding)
cpe:2.3:a:resque:resque:*:*:*:*:*:ruby:*:*
EPSS
Percentile: 76%
0.00943
Low
CVSS3: 6.3 Medium
CVSS3: 6.1 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.3
github
about 2 years ago
Resque vulnerable to Reflected Cross Site Scripting through pathnames