
P.S.A: A new vulnerability has been disclosed: CVE-2022-30123: Possible shell escape sequence injection vulnerability in Rack

discuss.rubyonrails.org/t/cve-

Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack’s Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim’s terminal.
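A defensive illustration of the issue described in the post, added here and not taken from Rack or from its fix: request-derived fields are made visible and inert before they are written to a log that someone may view in a terminal. The function names (`escape_control`, `safe_log_line`, `suspicious?`), the log layout, and the sample request are constructed for this example.

```ruby
# Added example (not Rack's code): neutralise terminal control characters
# in request-derived fields before they reach a log or a terminal.

# Replace every control character (ESC, BEL, CR, LF, ...) with a visible
# \xNN form so a terminal displays it instead of interpreting it.
def escape_control(value)
  # Treat the input as UTF-8 and replace invalid byte sequences first.
  text = value.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
  text.gsub(/[[:cntrl:]]/) { |c| format("\\x%02x", c.ord) }
end

# Detection helper: true when a raw field would be altered by escaping,
# i.e. it carries control characters (or invalid bytes) worth alerting on.
def suspicious?(value)
  escape_control(value) != value.to_s
end

# Build an access-log line (constructed layout, loosely modelled on
# Common Log Format) in which every request-derived field is escaped.
def safe_log_line(remote_addr:, user:, method:, path:, status:)
  fields = [remote_addr, user, method, path].map { |f| escape_control(f) }
  format('%s - %s "%s %s" %d', *fields, status)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a path carrying a harmless colour-change sequence.
  sample = {
    remote_addr: "127.0.0.1", user: "-", method: "GET",
    path: "/search?q=\e[31mred\e[0m", status: 200
  }
  warn "control characters in request path" if suspicious?(sample[:path])
  puts safe_log_line(**sample)
end
```
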
