{"id":"CVE-2022-30122","details":"A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.","aliases":["GHSA-hxqx-xwvh-44m2"],"modified":"2026-05-18T05:53:47.710948182Z","published":"2022-12-05T00:00:00Z","related":["SUSE-SU-2022:2192-1","SUSE-SU-2022:2526-1","openSUSE-SU-2024:12119-1","openSUSE-SU-2024:12397-1","openSUSE-SU-2024:12974-1","openSUSE-SU-2024:13167-1","openSUSE-SU-2024:13726-1","openSUSE-SU-2024:13727-1","openSUSE-SU-2025:14811-1","openSUSE-SU-2025:14875-1","openSUSE-SU-2026:10286-1","openSUSE-SU-2026:10358-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"2.0.9.1, 2.1.4.1, 2.2.3.1"}],"source":"AFFECTED_FIELD"}],"cwe_ids":["CWE-400"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30122.json","cna_assigner":"hackerone"},"references":[{"type":"WEB","url":"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30122.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30122"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-18"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231208-0012/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5530"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rack/rack","events":[{"introduced":"2ed515786322059f568c8a9df77a6e4b70f09225"},{"fixed":"f9cc7c2ae161820e36635734cff6e932d99e6aa8"},{"introduced":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4"},{"fixed":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead"},{"introduced":"39d501a28c1fe51284addfe6dacffafb69d49849"},{"fixed":"925a4a6599ab26b4f3455b525393fe155d443655"}],"database_specific":{"cpe":"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.2"},{"fixed":"2.0.9.1"},{"introduced":"2.1.0"},{"fixed":"2.1.4.1"},{"introduced":"2.2.0"},{"fixed":"2.2.3.1"}],"source":"CPE_FIELD"}}],"versions":["2.1.4","2.2.3","v2.2.2","2.1.3","2.1.2","v2.2.1","2.2.0","2.1.1","2.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30122.json"}}],"schema_version":"1.7.5"}