Sequence Injection Vulnerability in Rack Web Server Versions
CVE-2022-30123

10CRITICAL

Key Information:

Vendor: Rack Project
Status: Https://github.com/rack/rack
Vendor: CVE Published:; 5 December 2022

What is CVE-2022-30123?

A sequence injection vulnerability exists in specific versions of Rack, which could allow for potential shell escapes in the Lint and CommonLogger components. This vulnerability affects versions prior to 2.0.9.1, 2.1.4.1, and 2.2.3.1, posing security risks for applications utilizing Rack for handling web requests. Proper mitigation and upgrading to patched versions are essential to secure your environment.

Affected Version(s)

https://github.com/rack/rack 2.0.9.1, 2.1.4.1, 2.2.3.1

References

https://discuss.rubyonrails.org/t/cve-2022-30123-possible...

https://www.debian.org/security/2023/dsa-5530

vendor-advisory

https://security.gentoo.org/glsa/202310-18

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 5, 2022
Vulnerability Reserved
May 2, 2022

Rack Project

What is CVE-2022-30123?

Affected Version(s)

References

CVSS V3.1

Timeline