{"id":"CVE-2022-30123","details":"A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow a possible shell escape sequence injection in the Lint and CommonLogger components of Rack.","aliases":["GHSA-wq4h-7r42-5hrr"],"modified":"2026-05-18T05:53:47.554635634Z","published":"2022-12-05T00:00:00Z","related":["SUSE-SU-2022:2192-1","SUSE-SU-2022:2526-1","openSUSE-SU-2024:12119-1","openSUSE-SU-2024:12397-1","openSUSE-SU-2024:12974-1","openSUSE-SU-2024:13167-1","openSUSE-SU-2024:13726-1","openSUSE-SU-2024:13727-1","openSUSE-SU-2025:14811-1","openSUSE-SU-2025:14875-1","openSUSE-SU-2026:10286-1","openSUSE-SU-2026:10358-1"],"database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"2.0.9.1, 2.1.4.1, 2.2.3.1"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30123.json","cna_assigner":"hackerone","cwe_ids":["CWE-150"]},"references":[{"type":"WEB","url":"https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30123.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30123"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-18"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231208-0011/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5530"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rack/rack","events":[{"introduced":"0"},{"fixed":"f9cc7c2ae161820e36635734cff6e932d99e6aa8"},{"introduced":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4"},{"fixed":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead"},{"introduced":"39d501a28c1fe51284addfe6dacffafb69d49849"},{"fixed":"925a4a6599ab26b4f3455b525393fe155d443655"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{
"fixed":"2.0.9.1"},{"introduced":"2.1.0"},{"fixed":"2.1.4.1"},{"introduced":"2.2.0"},{"fixed":"2.2.3.1"}],"cpe":"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*"}}],"versions":["2.1.4","2.0.9","2.2.3","v2.2.2","2.1.3","2.1.2","v2.2.1","2.2.0","2.1.1","2.0.8","2.1.0","2.0.7","2.0.6","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","2.0.0.rc1","2.0.0.alpha","1.6.0.beta","1.5.1","1.5.0","1.4.1","1.4.0","1.3.0","1.3.0.beta2","1.3.0.beta","1.0","0.3","0.2","0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30123.json"}}],"schema_version":"1.7.5"}