Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=alert(okie)" and "/queues/>". This issue has been patched in version 2.6.0. The reflected XSS issue occurs when /queues is appended with /">.

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.