Updated advisory posts against rubysec/ruby-advisory-db@bc3e9f0

Author: postmodern

advisories/_posts/2023-04-21-CVE-2023-1892.md

@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'CVE-2023-1892 (sidekiq): sidekiq vulnerable to cross-site scripting '
+title: 'CVE-2023-1892 (sidekiq): sidekiq vulnerable to cross-site scripting'
 comments: false
 categories:
 - sidekiq
@@ -9,7 +9,7 @@ advisory:
   cve: 2023-1892
   ghsa: h3r8-h5qw-4r35
   url: https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214
-  title: 'sidekiq vulnerable to cross-site scripting '
+  title: sidekiq vulnerable to cross-site scripting
   date: 2023-04-21
   description: |
     sidekiq from 7.0.4 to 7.0.7 is vulnerable to reflected cross-site scripting.

advisories/_posts/2024-04-26-CVE-2024-32887.md

@@ -0,0 +1,28 @@
+---
+layout: advisory
+title: 'CVE-2024-32887 (sidekiq): Reflected XSS in Metrics Web Page'
+comments: false
+categories:
+- sidekiq
+advisory:
+  gem: sidekiq
+  cve: 2024-32887
+  ghsa: GHSA-q655-3pj8-9fxq
+  url: https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq
+  title: Reflected XSS in Metrics Web Page
+  date: 2024-04-26
+  description: |
+    Reflected XSS in Sidekiq Web UI via the `/metrics` HTTP end-point and the
+    `substr` query param:
+
+        https://{host}/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}
+  cvss_v3: 5.5
+  unaffected_versions:
+  - "< 7.2.0"
+  patched_versions:
+  - ">= 7.2.4"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-32887
+    - https://github.com/sidekiq/sidekiq/commit/30786e082c70349ab27ffa9eccc42fb0c696164d
+---