RubySec

Providing security resources for the Ruby community

CVE-2023-50727 (resque): Resque vulnerable to reflected XSS in Queue Endpoint

GEM

resque

SEVERITY

CVSS v3.x: 6.3 (Medium)

PATCHED VERSIONS

  • >= 2.6.0

DESCRIPTION

Impact

Reflected XSS can be performed using the current_queue portion of the path on the /queues endpoint of resque-web.

Patches

v2.6.0

Workarounds

No known workarounds at this time. Until you have patched your application, avoid clicking third-party or untrusted links to the resque-web interface.
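To confirm whether an application is still on an affected release, the following added example (not part of the advisory or of the resque project) reads Gemfile.lock text and compares the locked resque version with the patched range given above. The function names and the sample lockfile are constructed for illustration.

```ruby
# Added example: checks Gemfile.lock text for a resque version affected by
# CVE-2023-50727. The patched range (>= 2.6.0) is taken from the advisory.
PATCHED = Gem::Requirement.new(">= 2.6.0")

# Constructed sample lockfile (versions are illustrative, not from the advisory).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mono_logger (1.1.2)
      resque (2.5.0)
        mono_logger (~> 1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    resque
LOCK

# Returns the locked Gem::Version of gem_name, or nil if it is not locked.
# Only resolved specs are read: inside a "specs:" block they sit at exactly
# four spaces of indent, while their dependency constraints sit at six.
def locked_version(lockfile_text, gem_name)
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # blank line or new top-level section ends the block
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "-x86_64-linux" before parsing.
      return Gem::Version.new(m[2].split("-").first) if m[1] == gem_name
    end
  end
  nil
end

# Returns :not_present, :vulnerable or :patched for the given lockfile text.
# Pre-releases of 2.6.0 sort below 2.6.0 and are reported as :vulnerable.
def resque_status(lockfile_text)
  version = locked_version(lockfile_text, "resque")
  return :not_present if version.nil?
  PATCHED.satisfied_by?(version) ? :patched : :vulnerable
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "resque: #{resque_status(text)}"
end
```

Pass the path to a real Gemfile.lock as the first argument; with no argument the script reports on the constructed sample.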

References

https://github.com/resque/resque/pull/1865
