Regular Expression Denial Of Service (ReDoS)

🗓️ 30 May 2022 02:27:40Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 28 Views

rack multipart module ReDoS vulnerabilit

Reporter	Title	Published	Views	Family All 102
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rack-2.0.7.gem	15 Apr 202503:42	–	ibm
ATTACKERKB	CVE-2022-30122	5 Dec 202222:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : pcs (ALAS-2022-1895)	7 Dec 202200:00	–	nessus
Tenable Nessus	Debian dla-3095 : ruby-rack - security update	4 Sep 202200:00	–	nessus
Tenable Nessus	Debian DSA-5530-1 : ruby-rack - security update	22 Oct 202300:00	–	nessus
Tenable Nessus	GLSA-202310-18 : Rack: Multiple Vulnerabilities	30 Oct 202300:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Satellite 6.11.4 Async Security Update (Important) (RHSA-2022:7242)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 7 : Red Hat Gluster Storage web-admin-build (RHSA-2023:1486)	28 Mar 202300:00	–	nessus
Tenable Nessus	RHEL 7 : rubygem-rack (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : rubygem-rack (SUSE-SU-2022:2192-1)	28 Jun 202200:00	–	nessus

Vulners

Node

ruby-rack ruby-rackMatch2.1.1-5debian

AND

ruby-rack ruby-rackMatch2.1.4-3debian

AND

debian debian_linuxMatch999

ruby-rack ruby-rackMatch2.1.1-5debian

AND

debian debian_linuxMatch11

rack_project rackRange2.2.0–2.2.3ruby

rack_project rackRange2.1.0–2.1.4ruby

rack_project rackRange2.0.0.alpha–2.0.9ruby

rack_project rackRange1.3.0.beta–1.6.13ruby

tfm-rubygem-rack tfm-rubygem-rackMatch2.2.3_1.el7sat

rubygem-rack rubygem-rackMatch2.0.7_1.epel8.playground

rubygem-rack rubygem-rackMatch2.0.8_1.epel8.playground

rubygem-rack rubygem-rackMatch2.2.2_1.el8

rubygem-rack rubygem-rackMatch2.2.2_1.epel8.playground

rubygem-rack rubygem-rackMatch2.0.8_1.el8

rubygem-rack rubygem-rackMatch2.0.7_1.el8

rubygem-rack rubygem-rackMatch1.6.12_1.el7

rubygem-rack rubygem-rackMatch1.5.2_4.el7

rubygem-rack rubygem-rackMatch1.6.4_2.el7

rubygem-rack rubygem-rackMatch1.6.4_2.el7sat

rubygem-rack rubygem-rackMatch1.4.1_13.el7sat

rubygem-rack rubygem-rackMatch1.5.2_4.el7ost

rubygem-rack rubygem-rackMatch1.5.2_4.el7aos

rubygem-rack rubygem-rackMatch1.6.4_3.el7sat

rubygem-rack rubygem-rackMatch1.6.12_1.el7sat

rubygem-rack rubygem-rackMatch1.6.4_2.el7rhgs

clusterlabs pcsMatch0.9.167_3.el7.centos

clusterlabs pcsMatch0.9.162_5.el7.centos.1

clusterlabs pcsMatch0.9.169_3.el7.centos.1

clusterlabs pcsMatch0.9.169_3.el7.centos

clusterlabs pcsMatch0.9.165_6.el7.centos.2

clusterlabs pcsMatch0.9.167_3.el7.centos.1

clusterlabs pcsMatch0.9.137_13.el7_1.2

clusterlabs pcsMatch0.9.165_6.el7.centos

clusterlabs pcsMatch0.9.162_5.el7.centos.2

clusterlabs pcsMatch0.9.158_4.el7

clusterlabs pcsMatch0.9.165_6.el7.centos.1

clusterlabs pcsMatch0.9.168_4.el7.centos

clusterlabs pcsMatch0.9.169_3.el7.centos.3

Source	Link
github	www.github.com/rack/rack/commit/ad699ca3f5822ce6c409ccd8f9fea898e61703fe
github	www.github.com/rack/rack/commit/a872bcce127a6f4a0f16af8f28b686955ba32814
github	www.github.com/rack/rack/commit/41be3d7f3fd73ccf246ad97c3831d02f99d2ce84
debian	www.debian.org/security/2023/dsa-5530
github	www.github.com/advisories/GHSA-hxqx-xwvh-44m2
security	www.security.gentoo.org/glsa/202310-18
groups	www.groups.google.com/g/ruby-security-ann/c/L2Axto442qk
discuss	www.discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729
security	www.security.netapp.com/advisory/ntap-20231208-0012/

20 Dec 2023 06:58Current

8.3High risk

Vulners AI Score8.3

CVSS 3.17.5

EPSS0.01042

SSVC