Nixpkgs security tracker
Dismissed
(not in Nixpkgs)
Permalink
CVE-2026-44511
7.4 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
Katalyst Koi: Session cookies can be replayed after user logout
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This vulnerability is fixed in 4.20.0 and 5.6.0.
References
-
https://github.com/katalyst/koi/security/advisories/GHSA-4cx3-3c38-j9vv x_refsource_CONFIRM
Affected products
koi
- ==>= 5.0.0 <= 5.6.0
- ==< 4.20.0
Matching in nixpkgs
pkgs.kdePackages.koi
Scheduling LIGHT/DARK Theme Converter for the KDE Plasma Desktop
pkgs.haskellPackages.haskoin-core
Bitcoin & Bitcoin Cash library for Haskell
pkgs.haskellPackages.haskoin-node
P2P library for Bitcoin and Bitcoin Cash
pkgs.haskellPackages.haskoin-store
Storage and index for Bitcoin and Bitcoin Cash
pkgs.haskellPackages.haskoin-wallet
Lightweight CLI wallet for Bitcoin and Bitcoin Cash
pkgs.haskellPackages.haskoin-store-data
Data for Haskoin Store
Package maintainers
-
@fnune Fausto Núñez Alberro <fausto.nunez@mailbox.org>