{"id":"CVE-2022-30122","details":"A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.","aliases":["GHSA-hxqx-xwvh-44m2"],"modified":"2026-04-10T04:47:28.551659Z","published":"2022-12-05T22:15:10.227Z","related":["MGASA-2022-0252","SUSE-SU-2022:2192-1","SUSE-SU-2022:2526-1","openSUSE-SU-2024:12119-1","openSUSE-SU-2024:12397-1","openSUSE-SU-2024:12974-1","openSUSE-SU-2024:13167-1","openSUSE-SU-2024:13726-1","openSUSE-SU-2024:13727-1","openSUSE-SU-2025:14811-1","openSUSE-SU-2025:14875-1","openSUSE-SU-2026:10286-1","openSUSE-SU-2026:10358-1"],"references":[{"type":"ADVISORY","url":"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-18"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231208-0012/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5530"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rack/rack","events":[{"introduced":"2ed515786322059f568c8a9df77a6e4b70f09225"},{"fixed":"f9cc7c2ae161820e36635734cff6e932d99e6aa8"},{"introduced":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4"},{"fixed":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead"},{"introduced":"39d501a28c1fe51284addfe6dacffafb69d49849"},{"fixed":"925a4a6599ab26b4f3455b525393fe155d443655"}],"database_specific":{"versions":[{"introduced":"1.2"},{"fixed":"2.0.9.1"},{"introduced":"2.1.0"},{"fixed":"2.1.4.1"},{"introduced":"2.2.0"},{"fixed":"2.2.3.1"}]}}],"versions":["2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.3","v2.2.1","v2.2.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30122.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}