Описание
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.
A cross-site scripting flaw was found in Resque due to improper validation of user-supplied input by the Queue Endpoint. This issue could allow a remote authenticated attacker to use a specially crafted URL to execute script in a victim's web browser within the security context of the hosting web site once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Will not fix |
Показывать по
Дополнительная информация
Статус:
6.3 Medium
CVSS3
Связанные уязвимости
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.
Resque vulnerable to reflected XSS in Queue Endpoint
6.3 Medium
CVSS3