CVE-2023-50727

Name of the Vulnerable Software and Affected Versions Resque versions prior to 2.6.0

Description A reflected XSS issue occurs when the /queues endpoint is appended with malicious input, such as "><svg onload=alert(domain)>. This allows for cross-site scripting attacks. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. The /queues endpoint is vulnerable, specifically the current queue portion of the path.

Recommendations For versions prior to 2.6.0, update to version 2.6.0 to resolve the issue. As a temporary workaround, consider avoiding clicks on third-party or untrusted links to the resque-web interface until the application is patched. Restrict access to the /queues endpoint to minimize the risk of exploitation. Avoid using untrusted input in the current queue portion of the path until the issue is resolved.