GHSA-pfr9-2p92-qrhq: Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

GHSA-jqfv-jrvq-95jm: Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

### Impact

resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint.

### Patches

v2.1.0

### Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

### References
https://github.com/resque/resque/issues/1679
https://github.com/resque/resque/pull/1687


**Resque vulnerable to Reflected Cross Site Scripting through pathnames**

Moderate severity GitHub Reviewed Published Dec 18, 2023 in resque/resque • Updated Dec 18, 2023

Headline

GHSA-r8xx-8vm8-x6wj: Resque vulnerable to Reflected Cross Site Scripting through pathnames

Impact

Patches

Workarounds

References

ghsa: Latest News