Resque is a Redis-backed Ruby library for creating background jobs,
placing those jobs on multiple queues, and processing them later.
Background jobs can be any Ruby class or module that responds to
perform. Your existing classes can easily be converted to background
jobs or you can create new classes specifically to do work. Or, you
can do both.
Resque is heavily inspired by DelayedJob (which rocks) and is
comprised of three parts:
* A Ruby library for creating, querying, and processing jobs
* A Rake task for starting a worker which processes jobs
* A Sinatra app for monitoring queues, jobs, and workers.
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /">
CVE-2023-50727 - Medium Severity Vulnerability
Vulnerable Library - resque-2.0.0.gem
Resque is a Redis-backed Ruby library for creating background jobs, placing those jobs on multiple queues, and processing them later. Background jobs can be any Ruby class or module that responds to perform. Your existing classes can easily be converted to background jobs or you can create new classes specifically to do work. Or, you can do both. Resque is heavily inspired by DelayedJob (which rocks) and is comprised of three parts: * A Ruby library for creating, querying, and processing jobs * A Rake task for starting a worker which processes jobs * A Sinatra app for monitoring queues, jobs, and workers.
Library home page: https://rubygems.org/gems/resque-2.0.0.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy: - :x: **resque-2.0.0.gem** (Vulnerable Library)
Found in HEAD commit: 3a3902efe3788aa4f5410d439175653e42f854e6
Found in base branch: main
Vulnerability Details
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /">
CVSS 3 Score Details (6.3)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/resque/resque/security/advisories/GHSA-r9mq-m72x-257g
Release Date: 2023-12-12
Fix Resolution: resque - 2.6.0
Step up your Open Source Security Game with Mend here