Updated advisory posts against rubysec/ruby-advisory-db@997e12f

jasnow · RubySec CI · commit 548078d425e1 · 2026-05-19T07:31:50.000Z
diff --git a/advisories/_posts/2026-05-07-CVE-2025-67202.md b/advisories/_posts/2026-05-07-CVE-2025-67202.md
@@ -0,0 +1,31 @@
+---
+layout: advisory
+title: 'CVE-2025-67202 (sidekiq-cron): Sidekiq-cron is vulnerable to a cross-site
+  scripting (xss) vulnerability via crafted URL'
+comments: false
+categories:
+- sidekiq-cron
+advisory:
+  gem: sidekiq-cron
+  cve: 2025-67202
+  ghsa: xv9c-mjw8-79gf
+  url: https://github.com/advisories/GHSA-xv9c-mjw8-79gf
+  title: Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability
+    via crafted URL
+  date: 2026-05-07
+  description: |-
+    Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq,
+    is vulnerable to a cross-site scripting (xss) vulnerability via crafted
+    URL being rended from cron.erb.
+  cvss_v3: 6.1
+  patched_versions:
+  - ">= 2.4.0"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-67202
+    - https://github.com/sidekiq-cron/sidekiq-cron/releases/tag/v2.4.0
+    - https://github.com/sidekiq-cron/sidekiq-cron/pull/568
+    - https://github.com/sidekiq-cron/sidekiq-cron/commit/7b4ae4822f93ef4646f5cb55500ca4e25662db7c
+    - https://github.com/sidekiq-cron/sidekiq-cron/issues/569
+    - https://github.com/advisories/GHSA-xv9c-mjw8-79gf
+---
