VYPR
\" and \"/queu","datePublished":"2023-12-22T20:02:15.568Z","dateModified":"2024-08-02T22:16:47.164Z","publisher":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"author":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"proficiencyLevel":"Expert","about":{"@type":"Thing","@id":"https://nvd.nist.gov/vuln/detail/CVE-2023-50725","name":"CVE-2023-50725","identifier":"CVE-2023-50725","description":"Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: \"/failed/?class=\" and \"/queues/>\". This issue has been patched in version 2.2.1.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50725"]},"keywords":"CVE-2023-50725, moderate, CWE-233, CWE-79, Resque Resque","mentions":[{"@type":"SoftwareApplication","name":"Resque","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Resque"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2023-50725","item":"https://portal.vyprsec.ai/cves/CVE-2023-50725"}]}]}
Moderate severityNVD Advisory· Published Dec 22, 2023· Updated Aug 2, 2024

Resque vulnerable to reflected XSS in resque-web failed and queues lists

CVE-2023-50725

Description

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=" and "/queues/>". This issue has been patched in version 2.2.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
resqueRubyGems
< 2.2.12.2.1

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.