Niels

**Name of the Vulnerable Software and Affected Versions** cron-utils versions up to 9.1.2 **Description** A template injection issue was identified in cron-utils, enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE). This issue affects projects using the `@Cron` annotation to validate untrusted Cron expressions. **Recommendations** For versions up to 9.1.2, please upgrade to version 9.1.6 to resolve the issue. As a temporary workaround, consider avoiding the use of the `@Cron` annotation to validate untrusted Cron expressions until the patch is applied. There are no known workarounds other than upgrading to the patched version.