CVE-2023-50725

Name of the Vulnerable Software and Affected Versions Resque versions prior to 2.2.1

Description The issue concerns a reflected XSS vulnerability in the resque-web component of the Resque library. Specifically, the vulnerability affects the following paths: "/failed/?class=" and "/queues/>". This allows for the execution of malicious scripts when a user clicks on a specially crafted link to the resque-web interface. To mitigate this risk, it is recommended not to click on third-party or untrusted links to the resque-web interface until the application is patched.

Recommendations For versions prior to 2.2.1, update to version 2.2.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the vulnerable paths in the resque-web interface until a patch is applied. Additionally, restrict access to the resque-web interface to minimize the risk of exploitation.