GMS-2022-1644: Duplicate of ./gem/rack/CVE-2022-30123.yml

May 27, 2022

Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack’s Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim’s terminal.

References

github.com/advisories/GHSA-wq4h-7r42-5hrr
github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml
groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Detect and mitigate GMS-2022-1644 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →