CVE-2022-30123

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-30123
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30123.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-30123
Aliases
Downstream
Related
Published
2022-12-05T22:15:10.280Z
Modified
2026-04-02T07:56:55.372078Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

References

Affected packages

Git / github.com/rack/rack

Affected ranges

Type
GIT
Repo
https://github.com/rack/rack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f9cc7c2ae161820e36635734cff6e932d99e6aa8
Introduced
879ae7163a399a9ed36d876668f4ecae4ae8b9e4
Fixed
374f89aaa9ee5dc1de0802bfecce988cabfa3ead
Introduced
39d501a28c1fe51284addfe6dacffafb69d49849
Fixed
925a4a6599ab26b4f3455b525393fe155d443655
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.9.1"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.4.1"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "fixed": "2.2.3.1"
        }
    ]
}

Affected versions

0.*
0.1
0.2
0.3
0.4
0.9
0.9.1
1.*
1.0
1.0.1
1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.3.0
1.3.0.beta
1.3.0.beta2
1.3.1
1.3.10
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.6.0
1.6.0.beta
1.6.0.beta2
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
2.*
2.0.0
2.0.0.alpha
2.0.0.rc1
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.2.0
2.2.3
3.*
3.0.0
3.0.0.beta1
3.0.0.rc1
Other
test
v2.*
v2.2.1
v2.2.2
v3.*
v3.0.1
v3.0.10
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.18
v3.0.2
v3.0.3
v3.0.4
v3.0.4.1
v3.0.4.2
v3.0.5
v3.0.6
v3.0.6.1
v3.0.7
v3.0.8
v3.0.9
v3.0.9.1
v3.1.0
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.14
v3.1.15
v3.1.16
v3.1.17
v3.1.18
v3.1.19
v3.1.2
v3.1.20
v3.1.21
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30123.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]