Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Resque vulnerable to reflected cross site scripting through pathname
Vulnerability Description
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Resque 跨站脚本漏洞
Vulnerability Description
Resque Scheduler是Resque开源的一个基于 Resque 构建的轻量级作业调度系统。 Resque 2.1.0之前版本存在跨站脚本漏洞,该漏洞源于容易通过队列端点路径中的current_queue参数受到反射型跨站脚本(XSS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A