CVE-2022-30123: Improper Neutralization of Escape, Meta, or Control Sequences
(updated )
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
References
- discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728
- github.com/advisories/GHSA-wq4h-7r42-5hrr
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml
- groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
- nvd.nist.gov/vuln/detail/CVE-2022-30123
Detect and mitigate CVE-2022-30123 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →