Updated advisory posts against rubysec/ruby-advisory-db@c648bbf

jasnow · RubySec CI · commit 8373460defd3 · 2026-05-19T07:50:56.000Z
diff --git a/advisories/_posts/2026-04-17-CVE-2026-41493.md b/advisories/_posts/2026-04-17-CVE-2026-41493.md
@@ -0,0 +1,50 @@
+---
+layout: advisory
+title: 'CVE-2026-41493 (yard): Possible arbitrary path traversal and file access via
+  yard server'
+comments: false
+categories:
+- yard
+advisory:
+  gem: yard
+  cve: 2026-41493
+  ghsa: 3jfp-46x4-xgfj
+  url: https://github.com/lsegal/yard/security/advisories/GHSA-3jfp-46x4-xgfj
+  title: Possible arbitrary path traversal and file access via yard server
+  date: 2026-04-17
+  description: |-
+    ### Impact
+
+    A path traversal vulnerability was discovered in YARD <= 0.9.41 when
+    using yard server to serve documentation. This bug would allow
+    unsanitized HTTP requests to access arbitrary files on the machine
+    of a yard server host under certain conditions.
+
+    The original patch in [GHSA-xfhh-rx56-rxcr](https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr)
+    was incorrectly applied.
+
+    ### Patches
+
+    Please upgrade to YARD v0.9.42 immediately if you are relying on
+    yard server to host documentation in any untrusted environments
+    without WEBrick and rely on `--docroot`.
+
+    ### Workarounds
+
+    For users who cannot upgrade, it is possible to perform path
+    sanitization of HTTP requests at your webserver level. WEBrick,
+    for example, can perform such sanitization by default (which
+    you can use via yard server -s webrick), as can certain rules
+    in your webserver configuration.
+  cvss_v3: 7.5
+  cvss_v4: 6.9
+  patched_versions:
+  - ">= 0.9.42"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2026-41493
+    - https://github.com/lsegal/yard/releases/tag/v0.9.42
+    - https://github.com/lsegal/yard/security/advisories/GHSA-3jfp-46x4-xgfj
+    - https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
+    - https://github.com/advisories/GHSA-3jfp-46x4-xgfj
+---
diff --git a/advisories/_posts/2026-05-07-CVE-2025-67202.md b/advisories/_posts/2026-05-07-CVE-2025-67202.md
@@ -15,8 +15,8 @@ advisory:
   date: 2026-05-07
   description: |-
     Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq,
-    is vulnerable to a cross-site scripting (xss) vulnerability via crafted
-    URL being rended from cron.erb.
+    is vulnerable to a cross-site scripting (xss) vulnerability via
+    crafted URL being rended from cron.erb.
   cvss_v3: 6.1
   patched_versions:
   - ">= 2.4.0"
diff --git a/advisories/_posts/2026-05-07-CVE-2026-44511.md b/advisories/_posts/2026-05-07-CVE-2026-44511.md
@@ -0,0 +1,55 @@
+---
+layout: advisory
+title: 'CVE-2026-44511 (katalyst-koi): Session cookies can be replayed after user
+  logout'
+comments: false
+categories:
+- katalyst-koi
+advisory:
+  gem: katalyst-koi
+  cve: 2026-44511
+  ghsa: 4cx3-3c38-j9vv
+  url: https://github.com/katalyst/koi/security/advisories/GHSA-4cx3-3c38-j9vv
+  title: Session cookies can be replayed after user logout
+  date: 2026-05-07
+  description: |-
+    ### Impact
+
+    Admin session cookies were not invalidated when an admin user logged
+    out. An attacker with access to a valid admin session cookie could
+    continue to access admin functionality after logout, until the
+    cookie expired or session secrets were rotated.
+
+    This affects applications using Koi admin authentication where an
+    admin session cookie may have been exposed, cached, intercepted, or
+    otherwise retained after logout.
+
+    ### Patches
+
+    The issue has been patched by recording admin logout time and
+    rejecting any admin session cookie created before the user’s
+    most recent logout.
+
+    Users should upgrade to the patched Koi releases once available.
+
+    ### Workarounds
+
+    Katalyst Koi recommends upgrading to the latest available version,
+    or back porting the changes released in 5.6.0/4.20.0
+
+    ### Resources
+
+    This is an application of https://guides.rubyonrails.org/v5.2.0/security.html#replay-attacks-for-cookiestore-sessions .
+  cvss_v3: 7.4
+  patched_versions:
+  - "~> 4.20.0"
+  - ">= 5.6.0"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2026-44511
+    - https://github.com/katalyst/koi/commit/606b33c140a61b1a2b37878ca7504741ec68df33
+    - https://github.com/katalyst/koi/commit/fdbfb404a9500f7fed33e03ab2eb7c2578f9652c
+    - https://github.com/katalyst/koi/security/advisories/GHSA-4cx3-3c38-j9vv
+    - https://guides.rubyonrails.org/v5.2.0/security.html#replay-attacks-for-cookiestore-sessions
+    - https://github.com/advisories/GHSA-4cx3-3c38-j9vv
+---
