Merge branch 'rubysec:master' into add-check-indents-spec

Author: jasnow

gems/action_text-trix/GHSA-53p3-c7vp-4mcc.yml

@@ -0,0 +1,44 @@
+---
+gem: action_text-trix
+ghsa: 53p3-c7vp-4mcc
+url: https://github.com/basecamp/trix/security/advisories/GHSA-53p3-c7vp-4mcc
+title: Trix is vulnerable to XSS through JSON deserialization bypass
+  in drag-and-drop (Level0InputController)
+date: 2026-03-29
+description: |
+  ### Impact
+
+  The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS
+  when a crafted `application/x-trix-document` JSON payload is dropped
+  into the editor in environments using the fallback Level0InputController
+  (e.g., embedded WebViews lacking Input Events Level 2 support).
+
+  The `StringPiece.fromJSON` method trusted `href` attributes from the
+  JSON payload without sanitization. An attacker could craft a draggable
+  element containing a `javascript:` URI in the href attribute that,
+  when dropped into a vulnerable editor, would bypass DOMPurify
+  sanitization and inject executable JavaScript into the DOM.
+
+  Exploitation requires a specific environment (Level0InputController
+  fallback) and social engineering (victim must drag and drop
+  attacker-controlled content into the editor). Applications using
+  server-side HTML sanitization (such as Rails' built-in sanitizer)
+  are additionally protected, as the payload is neutralized on save.
+
+  ### Patches
+
+  Update Recommendation: Users should upgrade to Trix editor
+  version 2.1.18 or later.
+
+  ### References
+
+  The XSS vulnerability was responsibly reported by Hackerone
+  researcher [newbiefromcoma](https://hackerone.com/newbiefromcoma).
+patched_versions:
+  - ">= 2.1.18"
+related:
+  url:
+    - https://github.com/basecamp/trix/security/advisories/GHSA-53p3-c7vp-4mcc
+    - https://github.com/basecamp/trix/releases/tag/v2.1.18
+    - https://github.com/basecamp/trix/commit/9c0a993d9fc2ffe9d56b013b030bc238f9c0557c
+    - https://github.com/advisories/GHSA-53p3-c7vp-4mcc

gems/activestorage/CVE-2026-33658.yml

@@ -15,8 +15,8 @@ description: |
   ranges causes disproportionate CPU usage compared to a normal
   request for the same file, possibly resulting in a DoS vulnerability.
 patched_versions:
-  - "~> 7.2.3.1"
-  - "~> 8.0.4.1"
+  - "~> 7.2.3, >= 7.2.3.1"
+  - "~> 8.0.4, >= 8.0.4.1"
   - ">= 8.1.2.1"
 related:
   url:

gems/loofah/GHSA-46fp-8f5p-pf2m.yml

@@ -48,4 +48,7 @@ patched_versions:
 related:
   url:
     - https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m
+    - https://github.com/flavorjones/loofah/releases/tag/v2.25.1
+    - https://github.com/flavorjones/loofah/commit/f4ebc9c5193dde759a57541062e490e86fc7c068
+    - https://github.com/advisories/GHSA-2j22-pr5w-6gq8
     - https://github.com/advisories/GHSA-46fp-8f5p-pf2m

gems/mcp/CVE-2026-33946.yml

@@ -0,0 +1,53 @@
+---
+gem: mcp
+cve: 2026-33946
+ghsa: qvqr-5cv7-wh35
+url: https://github.com/modelcontextprotocol/ruby-sdk/security/advisories/GHSA-qvqr-5cv7-wh35
+title: MCP Ruby SDK - Insufficient Session Binding Allows SSE
+  Stream Hijacking via Session ID Replay
+date: 2026-03-27
+description: |
+  ### Summary
+
+  The Ruby SDK's [streamable_http_transport.rb](https://github.com/modelcontextprotocol/ruby-sdk/blob/main/lib/mcp/server/transports/streamable_http_transport.rb)
+  implementation contains a session hijacking vulnerability. An attacker
+  who obtains a valid session ID can completely hijack the victim's
+  Server-Sent Events (SSE) stream and intercept all real-time data.
+
+  ### Details
+
+  **Root Cause**
+
+  The StreamableHTTPTransport implementation stores only one SSE stream
+  object per session ID and lacks:
+
+  - Session-to-user identity binding
+  - Ownership validation when establishing SSE connections
+  - Protection against multiple simultaneous connections to the same session
+
+  ### Impact
+
+  While the absence of user binding may not pose immediate risks if
+  session IDs are not used to store sensitive data or state, the
+  fundamental purpose of session IDs is to maintain stateful connections.
+  If the SDK or its consumers utilize session IDs for sensitive operations
+  without proper user binding controls, this creates a potential security
+  vulnerability. For example: In the case of the Ruby SDK, the attacker
+  was able to hijack the stream and receive all the tool responses
+  belonging to the victim. The tool responses can be sensitive
+  confidential data.
+cvss_v3: 8.2
+patched_versions:
+  - ">= 0.9.2"
+related:
+  url:
+    - https://www.cve.org/CVERecord?id=CVE-2026-33946
+    - https://github.com/modelcontextprotocol/ruby-sdk/releases/tag/v0.9.2
+    - https://github.com/modelcontextprotocol/ruby-sdk/security/advisories/GHSA-qvqr-5cv7-wh35
+    - https://github.com/modelcontextprotocol/ruby-sdk/blob/main/examples/streamable_http_server.rb
+    - https://github.com/modelcontextprotocol/ruby-sdk/commit/db40143402d65b4fb6923cec42d2d72cb89b3874
+    - https://hackerone.com/reports/3556146
+    - https://github.com/modelcontextprotocol/csharp-sdk/blob/main/src/ModelContextProtocol.AspNetCore/SseHandler.cs#L93-L97
+    - https://github.com/modelcontextprotocol/go-sdk/blob/main/mcp/streamable.go#L281C1-L288C2
+    - https://github.com/modelcontextprotocol/python-sdk/blob/main/src/mcp/server/streamable_http.py#L680-L685
+    - https://github.com/advisories/GHSA-qvqr-5cv7-wh35

gems/ruby-lsp/CVE-2026-34060.yml

@@ -0,0 +1,58 @@
+---
+gem: ruby-lsp
+cve: 2026-34060
+ghsa: c4r5-fxqw-vh93
+url: https://github.com/Shopify/ruby-lsp/security/advisories/GHSA-c4r5-fxqw-vh93
+title: Ruby LSP has arbitrary code execution through branch setting
+date: 2026-03-27
+description: |
+
+  ## Summary
+
+  The `rubyLsp.branch` VS Code workspace setting was interpolated without
+  sanitization into a generated Gemfile, allowing arbitrary Ruby code
+  execution when a user opens a project containing a malicious
+  `.vscode/settings.json`.
+
+  Other editors that support workspace setting that get automatically
+  applied upon opening the editor and trusting the workspace are also
+  impacted since the server is the component that performs the interpolation.
+
+  ## Details
+
+  The `branch` CLI argument passed to the `ruby-lsp` server was
+  interpolated in the generated `.ruby-lsp/Gemfile` without sanitization.
+   Editors that allow defining settings saved at the workspace level
+  (e.g.: `.vscode/settings.json`) that gets automatically applied open
+  the possibility to craft a malicious repository that once opened and
+  trusted in the editor would run arbitrary code.
+
+  ## Impact
+
+  Code execution with the privileges of the user who opens the malicious
+  project. Ruby LSP assumes workspace code is trusted and so opening
+  the editor on an untrusted workspace can lead to executing potentially
+  dangerous code.
+
+  ## Remediation
+
+  The `rubyLsp.branch` setting has been removed entirely. VS Code extensions
+  auto-update by default, so most users will receive the fix without
+  action. Users who have disabled auto-updates should update to extension
+  version >= 0.10.2.
+
+  The `branch` CLI flag was also entirely removed from the `ruby-lsp`
+  gem. For users that don't add `ruby-lsp` to their Gemfiles, the
+  server should auto-update. Users with the `ruby-lsp` in the Gemfile
+  and locked to a specific version should update to >= 0.26.9.
+cvss_v2: 7.5
+cvss_v3: 9.8
+cvss_v4: 7.1
+patched_versions:
+  - ">= 0.26.9"
+related:
+  url:
+    - https://www.tenable.com/cve/CVE-2026-34060
+    - https://github.com/Shopify/ruby-lsp/security/advisories/GHSA-c4r5-fxqw-vh93
+    - https://github.com/Shopify/ruby-lsp/releases/tag/v0.26.9
+    - https://github.com/advisories/GHSA-c4r5-fxqw-vh93