Denial of Service Vulnerability in Rack Software by Ruby
CVE-2022-30122

7.5HIGH

Key Information:

Vendor: Rack Project
Status: Https://github.com/rack/rack
Vendor: CVE Published:; 5 December 2022

What is CVE-2022-30122?

A vulnerability in Rack's multipart parsing component has been identified, which could lead to denial of service under certain conditions. Versions prior to 2.0.9.1, 2.1.4.1, and 2.2.3.1 are affected. This security issue may allow attackers to disrupt service availability, making it essential for users to apply recommended updates to mitigate potential risks.

Affected Version(s)

https://github.com/rack/rack 2.0.9.1, 2.1.4.1, 2.2.3.1

References

https://discuss.rubyonrails.org/t/cve-2022-30122-denial-o...

https://www.debian.org/security/2023/dsa-5530

vendor-advisory

https://security.gentoo.org/glsa/202310-18

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2022
Vulnerability Reserved
May 2, 2022

Rack Project

What is CVE-2022-30122?

Affected Version(s)

References

CVSS V3.1

Timeline