CVE-2022-30123
Shell Escape Sequence Injection vulnerability in rack (RubyGems)
What is CVE-2022-30123 About?
This vulnerability allows terminal escape sequence injection through Rack's Lint and CommonLogger middleware. A carefully crafted request (for example, a path or header containing ESC-prefixed control codes) causes those bytes to be written verbatim to whatever terminal is displaying the application's log or error output. Depending on the terminal emulator, the sequences can alter the display, hide or forge log entries and, on emulators that still honour sequences which echo text back as keyboard input, possibly cause commands to be executed. The upstream advisory describes command execution as possible rather than certain, which makes this a serious but situational issue: trivial to trigger, dependent on who is watching the output and with what.
Affected Software
- rack
- <2.0.9.1
- >=2.1, <2.1.4.1
- >=2.2, <2.2.3.1
Technical Details
The vulnerability arises from improper neutralization of control characters in text that both middlewares write for a human to read. CommonLogger emits an access-log line that embeds the request path and query string; Lint raises LintError messages that quote the offending header or environment values. Neither stripped or escaped non-printable characters, so a request whose path, query string or headers contain terminal control sequences (ESC-prefixed ANSI/VT sequences, BEL, carriage returns) passes those bytes straight through to the log stream or the exception message. When that stream is a terminal, the emulator interprets them: it can clear the screen, overwrite earlier lines so an entry appears to vanish, change the window title and, in emulators that still answer certain queries by injecting text into the input buffer, potentially execute commands as the person watching, such as a developer tailing logs in a foreground shell. The upstream fix escapes the untrusted request text before it reaches the log or error message.
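The logging pattern described above, reduced to a runnable illustration. This is an added example written for this page, not Rack's own source: `format_log_line_unsafe` mimics the common-log format with request fields interpolated verbatim, `neutralize_control_chars` applies the same idea as the fix (rewrite non-printable bytes as visible `\xNN` escapes before the line is emitted), and `contains_terminal_escape?` is a small check for scanning existing log lines. The request environment hash and the escape payload in it are constructed for the example.

```ruby
# Added example for this page, not Rack's code. Reproduces the logging
# pattern behind CVE-2022-30123 and the neutralization step that closes it.

# Constructed request environment. The path carries an OSC "set window
# title" sequence (ESC ] 0 ; ... BEL) followed by ESC [ 2 J (clear screen).
CONSTRUCTED_ENV = {
  "REMOTE_ADDR"     => "203.0.113.7",
  "REQUEST_METHOD"  => "GET",
  "PATH_INFO"       => "/search\e]0;owned\a\e[2J",
  "QUERY_STRING"    => "q=test",
  "SERVER_PROTOCOL" => "HTTP/1.1",
}.freeze

# Common-log style format, the shape an access logger writes.
FORMAT = %{%s - - "%s %s%s %s" %d %s\n}

# Vulnerable pattern: request-controlled strings are interpolated verbatim,
# so any control byte in the path reaches the terminal untouched.
def format_log_line_unsafe(env, status, length)
  qs = env["QUERY_STRING"].to_s
  FORMAT % [
    env["REMOTE_ADDR"] || "-",
    env["REQUEST_METHOD"],
    env["PATH_INFO"],
    qs.empty? ? "" : "?#{qs}",
    env["SERVER_PROTOCOL"],
    status,
    length,
  ]
end

# Hardened pattern: every non-printable character except the newline that
# terminates the record is rewritten as a visible \xNN escape.
def neutralize_control_chars(text)
  text.gsub(/[^[:print:]\n]/) { |c| format("\\x%02x", c.ord) }
end

def format_log_line_safe(env, status, length)
  neutralize_control_chars(format_log_line_unsafe(env, status, length))
end

# Detection helper for logs already on disk: true when a line carries a raw
# C0 control byte (other than \t and \n) or DEL, which is what a terminal
# escape sequence starts with.
def contains_terminal_escape?(line)
  !!(line =~ /[\x00-\x08\x0b-\x1f\x7f]/)
end

if __FILE__ == $0
  puts format_log_line_unsafe(CONSTRUCTED_ENV, 200, 12).inspect
  puts format_log_line_safe(CONSTRUCTED_ENV, 200, 12)
end
```

Running the script prints the raw line with `inspect` (so the terminal does not act on it) and then the neutralized line, which shows the payload as literal `\x1b]0;owned\x07\x1b[2J` text. The detection regex deliberately ignores `\t` and `\n`, which legitimately appear in logs, and flags everything else below 0x20.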
What is the Impact of CVE-2022-30123?
Successful exploitation lets an attacker control what a person watching the logs sees: clearing the screen, overwriting or hiding entries, forging plausible-looking log lines, or disrupting the terminal session. On terminal emulators that allow escape sequences to feed text back as input, it may also run commands with the privileges of the user viewing the log. Independently of the terminal, the application log is degraded as a forensic record, because the injected control characters can disguise the malicious request itself.
What is the Exploitability of CVE-2022-30123?
Sending the malicious request is trivial: no authentication or special privileges are required, the vulnerability is remote, and the attacker only needs a reachable Rack endpoint. The difficulty is on the victim side. The attacker cannot tell which terminal emulator, if any, will render the log, and the sequences that can inject commands are disabled in most current emulators, so reliable command execution is not guaranteed; display manipulation and log forgery work far more broadly. The primary constraint is therefore that someone must be viewing the affected output in a terminal that interprets escape sequences. That is common in practice whenever developers run the application server in a foreground shell or operators tail production logs directly, which is why the advisory treats the issue as serious despite the uncertainty of the final step.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-30123?
Available Upgrade Options
- rack
- <2.0.9.1 → Upgrade to 2.0.9.1
- >=2.1, <2.1.4.1 → Upgrade to 2.1.4.1
- >=2.2, <2.2.3.1 → Upgrade to 2.2.3.1
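A practitioner usually wants a quick way to test an installed version against the ranges above. The following is an added example, not from Rack or from this advisory's source, that encodes the three affected ranges with RubyGems' own `Gem::Requirement` so that four-segment releases such as 2.2.3.1 compare correctly against three-segment ones. `cve_2022_30123_fix_for` and `installed_rack_fix` are hypothetical helper names chosen for this example.

```ruby
# Added example for this page: map a rack version to the fixed release it
# should be upgraded to, using the affected ranges listed in the advisory.
require "rubygems"

# Affected ranges and the release that closes each one, as listed above.
AFFECTED = [
  { req: Gem::Requirement.new("< 2.0.9.1"),           fixed: "2.0.9.1" },
  { req: Gem::Requirement.new(">= 2.1", "< 2.1.4.1"), fixed: "2.1.4.1" },
  { req: Gem::Requirement.new(">= 2.2", "< 2.2.3.1"), fixed: "2.2.3.1" },
].freeze

# Returns the version to upgrade to, or nil when the given version is not
# inside any affected range. Gem::Version handles "2.2.3" < "2.2.3.1".
def cve_2022_30123_fix_for(version_string)
  v = Gem::Version.new(version_string)
  hit = AFFECTED.find { |r| r[:req].satisfied_by?(v) }
  hit && hit[:fixed]
end

# Convenience wrapper for the rack gem visible to this Ruby process.
# Returns nil when rack is not installed or is not affected.
def installed_rack_fix
  spec = Gem.loaded_specs["rack"] || Gem::Specification.find_by_name("rack")
  cve_2022_30123_fix_for(spec.version.to_s)
rescue Gem::MissingSpecError
  nil
end

if __FILE__ == $0
  %w[2.0.9 2.1.4 2.2.3 2.2.3.1 3.0.0].each do |ver|
    fix = cve_2022_30123_fix_for(ver)
    puts "rack #{ver}: #{fix ? "affected, upgrade to #{fix}" : "not affected"}"
  end
end
```

The same check can be dropped into a CI step that reads the version out of `Gemfile.lock`; the important detail is to compare with `Gem::Version` rather than string comparison, since "2.2.3.1" sorts after "2.2.3" numerically but not lexically in every naive implementation.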
Additional Resources
- https://security.netapp.com/advisory/ntap-20231208-0011
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml
- https://osv.dev/vulnerability/GHSA-wq4h-7r42-5hrr
- https://nvd.nist.gov/vuln/detail/CVE-2022-30123
- https://security.gentoo.org/glsa/202310-18
- https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728
- https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
- https://github.com/rack/rack
- https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88
What are Similar Vulnerabilities to CVE-2022-30123?
Similar Vulnerabilities: CVE-2025-25184, CVE-2021-38379, CVE-2020-15169, CVE-2020-14002
