7.5
CVE-2022-30122
- EPSS 2.06%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 21.11.2024 07:02:12
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rack Project ≫ Rack Version >= 1.2 < 2.0.9.1
Rack Project ≫ Rack Version >= 2.1.0 < 2.1.4.1
Rack Project ≫ Rack Version >= 2.2.0 < 2.2.3.1
Debian ≫ Debian Linux Version11.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.06% | 0.788 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1333 Inefficient Regular Expression Complexity
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729
https://security.gentoo.org/glsa/202310-18
https://security.netapp.com/advisory/ntap-20231208-0012/
https://www.debian.org/security/2023/dsa-5530