Description
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack.
References (4)
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5530
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202310-18
Third Party Advisory
https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231208-0011/
Scores
CVSS v3
10.0
EPSS
0.0221
EPSS Percentile
84.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-150
Status
published
Products (3)
debian/debian_linux
11.0
rack_project/rack
< 2.0.9.1
rubygems/rack
0 - 2.0.9.1 (RubyGems)
Published
Dec 05, 2022
Tracked Since
Feb 18, 2026