CVE-2022-30122 - OpenCVE

A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Rack Project	Rack

Configuration 1 [-]

OR	cpe:2.3:a:rack_project:rack::::::::
	cpe:2.3:a:rack_project:rack::::::::
	cpe:2.3:a:rack_project:rack::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Link	Resource
https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729	Third Party Advisory
https://security.gentoo.org/glsa/202310-18	Third Party Advisory
https://security.netapp.com/advisory/ntap-20231208-0012/	Third Party Advisory
https://www.debian.org/security/2023/dsa-5530	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2022-12-05T00:00:00

Updated: 2023-12-08T22:06:21.756956

Reserved: 2022-05-02T00:00:00

Link: CVE-2022-30122

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-05T22:15:10.227

Modified: 2023-12-20T03:02:05.353

Link: CVE-2022-30122

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "matchCriteriaId": "442EB5AF-A390-4A62-8B4E-8A2C082864D3", "versionEndExcluding": "2.0.9.1", "versionStartIncluding": "1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "matchCriteriaId": "32E774AF-E7BB-45EB-B5E4-66F8F5D36285", "versionEndExcluding": "2.1.4.1", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "matchCriteriaId": "6145EE1D-85D5-4744-BA51-88EC52FF2891", "versionEndExcluding": "2.2.3.1", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack."}, {"lang": "es", "value": "Existe una posible vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en Rack <2.0.9.1, <2.1.4.1 y <2.2.3.1 en el componente de an\u00e1lisis multiparte de Rack."}], "id": "CVE-2022-30122", "lastModified": "2023-12-20T03:02:05.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T22:15:10.227", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-18"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231208-0012/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5530"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "support@hackerone.com", "type": "Secondary"}]}