{"id":"CVE-2022-30123","details":"A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack.","aliases":["GHSA-wq4h-7r42-5hrr"],"modified":"2026-04-02T07:56:55.372078Z","published":"2022-12-05T22:15:10.280Z","related":["MGASA-2022-0252","SUSE-SU-2022:2192-1","SUSE-SU-2022:2526-1","openSUSE-SU-2024:12119-1","openSUSE-SU-2024:12397-1","openSUSE-SU-2024:12974-1","openSUSE-SU-2024:13167-1","openSUSE-SU-2024:13726-1","openSUSE-SU-2024:13727-1","openSUSE-SU-2025:14811-1","openSUSE-SU-2025:14875-1","openSUSE-SU-2026:10286-1","openSUSE-SU-2026:10358-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5530"},{"type":"ADVISORY","url":"https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-18"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231208-0011/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rack/rack","events":[{"introduced":"0"},{"fixed":"f9cc7c2ae161820e36635734cff6e932d99e6aa8"},{"introduced":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4"},{"fixed":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead"},{"introduced":"39d501a28c1fe51284addfe6dacffafb69d49849"},{"fixed":"925a4a6599ab26b4f3455b525393fe155d443655"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.9.1"},{"introduced":"2.1.0"},{"fixed":"2.1.4.1"},{"introduced":"2.2.0"},{"fixed":"2.2.3.1"}]}}],"versions":["0.1","0.2","0.3","0.4","0.9","0.9.1","1.0","1.0.1","1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.10","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.1","1.5.2"
,"1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.10","1.6.11","1.6.12","1.6.13","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","2.0.0","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.3","3.0.0","3.0.0.beta1","3.0.0.rc1","test","v2.2.1","v2.2.2","v3.0.1","v3.0.10","v3.0.12","v3.0.13","v3.0.14","v3.0.15","v3.0.16","v3.0.17","v3.0.18","v3.0.2","v3.0.3","v3.0.4","v3.0.4.1","v3.0.4.2","v3.0.5","v3.0.6","v3.0.6.1","v3.0.7","v3.0.8","v3.0.9","v3.0.9.1","v3.1.0","v3.1.1","v3.1.10","v3.1.11","v3.1.12","v3.1.13","v3.1.14","v3.1.15","v3.1.16","v3.1.17","v3.1.18","v3.1.19","v3.1.2","v3.1.20","v3.1.21","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.7","v3.1.8","v3.1.9","v3.2.0","v3.2.1","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.6"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30123.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}