PT-2023-31624 · Resque · Resque
Madslundholmdk
Published: 2023-12-18 · Updated: 2024-01-03
CVE-2023-50725
CVSS base score: 6.3 (Medium)
Base vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Resque versions prior to 2.2.1
Description:
The issue is a reflected XSS vulnerability in the resque-web component of the Resque library. Specifically, the vulnerability affects the following paths: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". User-controlled input on these paths is reflected into the page without HTML escaping, so a malicious script executes in the victim's browser when a user clicks on a specially crafted link to the resque-web interface. To mitigate this risk, it is recommended not to click on third-party or untrusted links to the resque-web interface until the application is patched.
Recommendations:
For versions prior to 2.2.1, update to version 2.2.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the vulnerable paths in the resque-web interface until a patch is applied. Additionally, restrict access to the resque-web interface to minimize the risk of exploitation.
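As an added illustration (not code from this advisory or from the Resque project), the Ruby below shows the general pattern behind this bug class and a defender-side log check for the two affected routes: a hypothetical view helper that reflects the "class" filter with and without HTML escaping, and a detector that flags access-log requests to /failed/?class= or /queues/ whose reflected value carries HTML metacharacters. The helper, the route matching and the log lines are constructed for this example and are not resque-web's own code.

```ruby
require 'erb'
require 'cgi'

# Payload quoted in the advisory, used here only as test input.
FAILED_CLASS_PAYLOAD = '<script>alert(document.cookie)</script>'

# Hypothetical stand-in for a view that reflects the "class" filter into HTML
# (not resque-web's template). With escape: false the browser parses the
# payload as markup (the defect); with escape: true it is rendered as text.
def render_failed_filter(klass, escape:)
  value = escape ? ERB::Util.html_escape(klass) : klass
  "<h1>Failed jobs filtered by #{value}</h1>"
end

# Detection: flag requests to the two affected routes whose reflected value
# contains HTML metacharacters, which a legitimate job class or queue name lacks.
HTML_META = /[<>"']/

def suspicious_request?(path)
  route, _, query = path.partition('?')
  route = CGI.unescape(route)          # the server decodes %3C etc. before routing
  if route.start_with?('/failed')
    CGI.parse(query)['class'].join.match?(HTML_META)
  elsif route.start_with?('/queues/')
    route.delete_prefix('/queues/').match?(HTML_META)
  else
    false
  end
end

# Pull the request target out of a combined-format access-log line.
def flag_log_lines(lines)
  lines.select do |line|
    path = line[%r{"(?:GET|HEAD|POST) (\S+) HTTP/}, 1]
    path && suspicious_request?(path)
  end
end

# Constructed sample log lines (not from any real deployment).
SAMPLE_LOG = [
  '203.0.113.5 - - [18/Dec/2023:10:00:01 +0000] "GET /failed/?class=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 512',
  '203.0.113.5 - - [18/Dec/2023:10:00:02 +0000] "GET /queues/%3E%3Cimg%20src=a%20onerror=alert(document.cookie)%3E HTTP/1.1" 200 480',
  '198.51.100.7 - - [18/Dec/2023:10:00:03 +0000] "GET /failed/?class=MyJob HTTP/1.1" 200 512',
  '198.51.100.7 - - [18/Dec/2023:10:00:04 +0000] "GET /queues/high HTTP/1.1" 200 300',
]

if __FILE__ == $PROGRAM_NAME
  puts render_failed_filter(FAILED_CLASS_PAYLOAD, escape: true)
  flag_log_lines(SAMPLE_LOG).each { |l| puts "ALERT: #{l}" }
end
```

The first two sample lines are flagged; the two benign requests are not.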
Tags: XSS
References:
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.yml · Exploit
- https://github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07 · Patch
- https://github.com/resque/resque/pull/1790 · Patch
- https://github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8 · Vendor Advisory
- https://osv.dev/vulnerability/CVE-2023-50725 · Vendor Advisory
- https://osv.dev/vulnerability/GHSA-gc3j-vvwf-4rp8 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-50725 · Security Note
- https://github.com/resque/resque · Note
- https://twitter.com/rubylandnews/status/1737236506148823095 · Twitter Post
- https://twitter.com/RedPacketSec/status/1738500703868367306 · Twitter Post
- https://twitter.com/CVEnew/status/1738295162814808388 · Twitter Post