USN-5896-1: Rack vulnerabilities

USN-5896-1: Rack vulnerabilities

It was discovered that Rack was not properly parsing data when processing
multipart POST requests. If a user or automated system were tricked into
sending a specially crafted multipart POST request to an application using
Rack, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2022-30122)

It was discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escaped sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code in
the machine running the application. (CVE-2022-30123)
Source: USN-5896-1: Rack vulnerabilities

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.