Rack: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging components.

rack 2023-10-30 2023-10-30 884795 remote 2.2.3.1 2.2.3.1

Rack is a modular Ruby web server interface.

Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details.

A possible denial of service vulnerability was found in the multipart parsing component of Rack. A sequence injection vulnerability was found which could allow a possible shell escape in the Lint and CommonLogger components of Rack.
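An added example, not part of the advisory or of Rack: a Ruby scan of access-log lines for raw terminal control bytes, the kind of content a sequence injection into logger output leaves behind. The sample log lines are constructed, and where the bytes sit inside them is arbitrary.

```ruby
# Added example: flag log lines that carry raw terminal control bytes.
# ESC (0x1B) starts ANSI escape sequences; the other C0 controls and DEL are
# equally unexpected inside a one-line log record. TAB and LF are allowed.
CONTROL_BYTES = /[\x00-\x08\x0B-\x1F\x7F]/

# Rewrite each control byte as visible \xNN text so the line is safe to
# display in a terminal or pager.
def neutralize(raw)
  raw.gsub(CONTROL_BYTES) { |b| format('\\x%02X', b.ord) }
end

# Returns one finding per suspicious line: 1-based line number, the control
# byte values found, and a neutralized copy of the line.
def scan_log(lines)
  findings = []
  lines.each_with_index do |line, idx|
    raw = line.b.chomp # treat as bytes so invalid UTF-8 cannot raise
    bytes = raw.scan(CONTROL_BYTES).map(&:ord)
    next if bytes.empty?

    findings << { line: idx + 1, bytes: bytes, safe: neutralize(raw) }
  end
  findings
end

# Constructed sample input (not taken from any real system).
SAMPLE = [
  %(192.0.2.10 - - [30/Oct/2023:10:00:00 +0000] "GET /index HTTP/1.1" 200 512 0.0021\n),
  %(192.0.2.77 - - [30/Oct/2023:10:00:05 +0000] "GET /\e[2J\e[31mx HTTP/1.1" 404 0 0.0009\n)
].freeze

if __FILE__ == $PROGRAM_NAME
  scan_log(SAMPLE).each do |f|
    puts "line #{f[:line]}: control bytes #{f[:bytes].inspect}"
    puts "  #{f[:safe]}"
  end
end
```

Review historical logs with a scan of this kind before opening them in a terminal, since the bytes are only interpreted when the raw file is displayed.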

There is no known workaround at this time.

All Rack users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/rack-2.2.3.1"

CVE-2022-30122
CVE-2022-30123

graaff graaff