CVE-2023-50725

Опубликовано: 22 дек. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 6.1

EPSS Низкий

Описание

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=" and "/queues/>". This issue has been patched in version 2.2.1.

Ссылки

https://github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07
Patch
https://github.com/resque/resque/pull/1790
Patch
https://github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8
Patch
Vendor Advisory
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.yml
Third Party Advisory
https://github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07
Patch
https://github.com/resque/resque/pull/1790
Patch
https://github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8
Patch
Vendor Advisory
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.yml
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:resque:resque:*:*:*:*:*:ruby:*:*

Версия до 2.2.1 (исключая)

EPSS

Процентиль: 71%

0.00657

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-50725

CVSS3: 6.3

redhat

около 2 лет назад

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1.

GHSA-gc3j-vvwf-4rp8

CVSS3: 6.3

github

около 2 лет назад

Resque vulnerable to reflected XSS in resque-web failed and queues lists

EPSS

Процентиль: 71%

0.00657

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79