CVE-2022-30123

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.0.9.1 Rack versions prior to 2.1.4.1 Rack versions prior to 2.2.3.1

Description A sequence injection vulnerability exists in Rack, which could allow a possible shell escape in the Lint and CommonLogger components. This issue is related to incorrect input validation when processing data passed through the Rack Lint and CommonLogger middleware. Exploitation of the vulnerability may allow a remote attacker to transmit specially crafted data to the application and execute arbitrary OS commands on the target system. Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware, which can be leveraged to possibly execute commands in the victim's terminal.

Recommendations For versions prior to 2.0.9.1, update to version 2.0.9.1 or later. For versions prior to 2.1.4.1, update to version 2.1.4.1 or later. For versions prior to 2.2.3.1, update to version 2.2.3.1 or later. As a temporary workaround, consider removing the Rack::Lint and Rack::CommonLogger middleware from your application.