rack is vulnerable to shell escape sequence injection (CVE-2022-30123). The vulnerability exists in the log method of the CommonLogger middleware and in the error messages produced by the Lint middleware: both write values taken from the request environment (request method, path, query string and similar) to the log or terminal without neutralising non-printable characters. A crafted request can therefore place terminal escape sequences in the logged output, and when an operator views that output in a terminal the sequences may be interpreted and, depending on the terminal, leveraged to execute commands on the operator's machine. The attacker does not gain command execution on the server itself; the target is whoever reads the log. All versions before the fix are affected; fixed in 2.0.9.1, 2.1.4.1 and 2.2.3.1. The fix escapes non-printable characters before the text is written. Where upgrading is not possible, removing the CommonLogger and Lint middleware from the application is the documented workaround.
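The following is an added example, not Rack's own code: a minimal CommonLogger-style access log writer in its vulnerable form next to a hardened form that neutralises control characters the way the fix does (every byte outside the printable class is rewritten as its \xNN hex form before the line is written). The log format string, the helper names and the sample request environment are assumptions made for this example.

```ruby
# Added example, not Rack's code. LOG_FORMAT loosely follows the common log
# format CommonLogger emits; the exact string is an assumption here.
LOG_FORMAT = %{%s - %s "%s %s%s %s" %d %s\n}

# Vulnerable: request-controlled env values are interpolated verbatim, so
# control bytes in PATH_INFO or QUERY_STRING reach the terminal untouched.
def log_line_unsafe(env, status, length)
  format(LOG_FORMAT,
         env['REMOTE_ADDR'] || '-',
         env['REMOTE_USER'] || '-',
         env['REQUEST_METHOD'],
         env['PATH_INFO'],
         env['QUERY_STRING'].to_s.empty? ? '' : "?#{env['QUERY_STRING']}",
         env['SERVER_PROTOCOL'],
         status,
         length)
end

# Hardened: every byte outside [[:print:]] (except the terminating newline)
# becomes a literal \xNN, so ESC (0x1b), BEL (0x07), CR and friends are shown
# as text instead of being interpreted by the terminal.
def escape_control(msg)
  msg.gsub(/[^[:print:]\n]/) { |c| format('\\x%02x', c.ord) }
end

def log_line_safe(env, status, length)
  escape_control(log_line_unsafe(env, status, length))
end

# True if a raw ESC byte survives, i.e. a terminal could still act on it.
def contains_raw_escape?(line)
  line.include?("\e")
end

# Constructed sample request (not captured traffic): the path carries an ANSI
# "clear screen" sequence plus an OSC title-setting sequence, and the query
# string carries a colour sequence, the kind of payload the advisory describes.
SAMPLE_ENV = {
  'REMOTE_ADDR'     => '203.0.113.7',
  'REQUEST_METHOD'  => 'GET',
  'PATH_INFO'       => "/search\e[2J\e]0;owned\a",
  'QUERY_STRING'    => "q=\e[31mred",
  'SERVER_PROTOCOL' => 'HTTP/1.1',
}.freeze

if __FILE__ == $PROGRAM_NAME
  unsafe = log_line_unsafe(SAMPLE_ENV, 200, 42)
  safe   = log_line_safe(SAMPLE_ENV, 200, 42)
  puts "unsafe line contains raw ESC: #{contains_raw_escape?(unsafe)}"
  puts "safe line contains raw ESC:   #{contains_raw_escape?(safe)}"
  puts safe
end
```

Run it in a terminal and the unsafe line will clear the screen and retitle the window, while the safe line prints the sequences as visible \x1b and \x07 text. The same gsub-based escaping also applies to any other place untrusted request data is interpolated into an exception message or log entry, such as middleware assertion messages.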
discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728
github.com/advisories/GHSA-wq4h-7r42-5hrr
github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88
github.com/rack/rack/pull/1903
github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml
groups.google.com/g/ruby-security-ann/c/LWB10kWzag8