CVE-2023-50727: 
Ruby vulnerability analysis and mitigation

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. A reflected XSS vulnerability was discovered that occurs when /queues is appended with /">. The vulnerability affects versions prior to 2.6.0 and has been patched in version 2.6.0 (GitHub Advisory).

The vulnerability exists in the queue endpoint of resque-web where the current_queue portion of the path can be manipulated to perform a reflected cross-site scripting attack. The issue stems from insufficient sanitization of user input in the queues.erb view template. The vulnerability has been assigned CVE-2023-50727 with a CVSS v3.1 base score of 6.1 (Medium) according to NVD, and 6.3 (Medium) according to GitHub (NVD, GitHub Advisory).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of other users' browsers who access the manipulated queue URL. This could potentially lead to session hijacking, data theft, or other malicious actions performed in the context of the victim's session (GitHub Advisory).

The vulnerability has been fixed in Resque version 2.6.0. Users are strongly recommended to upgrade to this version or later. There are no known workarounds, and it is recommended not to click on third-party or untrusted links to the resque-web interface until the application has been patched (GitHub Advisory).