Browse all 3 CVE security advisories affecting resque. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Resque is a Redis-backed background job processing system primarily used for queuing and managing asynchronous tasks in Ruby applications. Historically, it has been susceptible to remote code execution vulnerabilities through unsafe object deserialization and insecure configuration settings, along with cross-site scripting issues in web interfaces. Privilege escalation risks have also been documented through improper access controls. While no major public security incidents have been widely reported, the three CVEs highlight persistent concerns around input validation and secure deserialization practices. Its Redis dependency introduces additional attack surfaces if not properly secured, making input sanitization and secure configuration critical for safe deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-50727 | Resque vulnerable to reflected XSS in Queue Endpoint — resqueCWE-79 | 6.3 | Medium | 2023-12-22 |
| CVE-2023-50725 | Resque vulnerable to reflected XSS in resque-web failed and queues lists — resqueCWE-79 | 6.3 | Medium | 2023-12-22 |
| CVE-2023-50724 | Resque vulnerable to reflected cross site scripting through pathname — resqueCWE-79 | 6.3 | Medium | 2023-12-21 |
This page lists every published CVE security advisory associated with resque. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.