CVE-2023-50724 Information

Description

Resque (pronounced like escue) is a Redis-backed library for creating background jobs placing those jobs on multiple queues and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.

Reference

https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj https://github.com/resque/resque/issues/1679 https://github.com/resque/resque/pull/1687