Showing 1 - 2 of 2

CVE-2022-30122

Status Candidate

Overview

A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.

Ubuntu Security Notice USN-5896-1: Posted Feb 28, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5896-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.; tags | advisory, remote, denial of service, arbitrary, shell; systems | linux, ubuntu; advisories | CVE-2022-30122, CVE-2022-30123; SHA-256 | af959d565a1afe5e24fd2d9a4c8e3f995e944acd8d8d9680416a97273359eee3; Download | Favorite | View

Red Hat Security Advisory 2022-7242-01: Posted Oct 31, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-7242-01 - Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-30122, CVE-2022-31163; SHA-256 | d41793cc00325114e030a5941e57f50c9490949e96cd2b0cb66962ed4e39a305; Download | Favorite | View

Page 1 of 1 Back 1 Next