Package | ruby-rack |
---|---|
Version | 1.6.4-4+deb9u3 (stretch) |
Related CVEs | CVE-2022-30122 CVE-2022-30123 |
Two vulnerabilities were discovered in ruby-rack, a popular Ruby webserver:
- CVE-2022-30122: Prevent a Denial of Service (DoS) vulnerability in the HTTP multipart parsing.
- CVE-2022-30123: Prevent a potential shell escape sequence injection vulnerability that could be triggered through the logging system.
For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u3.
We recommend that you upgrade your ruby-rack packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.