---
gem: sidekiq-cron
cve: 2025-67202
ghsa: xv9c-mjw8-79gf
url: https://github.com/advisories/GHSA-xv9c-mjw8-79gf
title: Sidekiq-cron is vulnerable to a cross-site scripting (xss)
  vulnerability via crafted URL
date: 2026-05-07
description: |
  Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq,
  is vulnerable to a cross-site scripting (xss) vulnerability via
  crafted URL being rendered from cron.erb.
cvss_v3: 6.1
patched_versions:
  - ">= 2.4.0"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-67202
    - https://github.com/sidekiq-cron/sidekiq-cron/releases/tag/v2.4.0
    - https://github.com/sidekiq-cron/sidekiq-cron/pull/568
    - https://github.com/sidekiq-cron/sidekiq-cron/commit/7b4ae4822f93ef4646f5cb55500ca4e25662db7c
    - https://github.com/sidekiq-cron/sidekiq-cron/issues/569
    - https://github.com/advisories/GHSA-xv9c-mjw8-79gf