← Back

CVE-2022-30123

nvd nist
Published: Dec 5, 2022Modified: Nov 21, 2024

JSON object

Loading...
10.0
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 6.0
Source: NVD

Description

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

Affected (4)

Rack Project
1 product
Rack
Debian
1 product
Debian Linux
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Rack Project
Rack
Before 2.0.9.1
Rack
From 2.1.0 to 2.1.4.1
Rack
From 2.2.0 to 2.2.3.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0

Related CWEs

CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

References (8)

Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Source: support@hackerone.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.