Related CVEs: CVE-2022-30122, CVE-2022-30123
Two vulnerabilities were discovered in ruby-rack, a popular Ruby webserver:
CVE-2022-30122: Prevent a Denial of Service (DoS) vulnerability in the HTTP multipart parsing.
CVE-2022-30123: Prevent a potential shell escape sequence injection vulnerability that could be triggered through the logging system.
For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u3.
We recommend that you upgrade your ruby-rack packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
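
For code that writes request-derived values to its own logs, the class of issue described under CVE-2022-30123 can be addressed by rendering control characters visibly before they reach the log. The following is an added example, not taken from the advisory or from the ruby-rack fix; the names `neutralize_control_chars`, `build_safe_logger`, `demo` and the sample path are hypothetical.

```ruby
require "logger"
require "stringio"

# Render every non-printable character (ESC, CR, LF, BEL, ...) as a visible
# \xNN escape so a terminal displaying the log cannot interpret it.
# Invalid byte sequences are replaced with "?" first.
def neutralize_control_chars(text)
  text.to_s.scrub("?").gsub(/[^[:print:]]/) do |ch|
    ch.bytes.map { |b| format("\\x%02X", b) }.join
  end
end

# Build a Logger whose formatter sanitizes each message before writing it,
# so every caller gets the protection without changing its log calls.
def build_safe_logger(io)
  logger = Logger.new(io)
  logger.formatter = proc do |severity, _time, _progname, msg|
    "#{severity} #{neutralize_control_chars(msg)}\n"
  end
  logger
end

# Constructed sample: a request path carrying an ANSI "clear screen" sequence
# followed by CR LF and text made to look like a separate log entry.
SAMPLE_PATH = "/index\e[2J\r\n127.0.0.1 - admin [forged entry]"

# Log one constructed request line and return what was written.
def demo
  io = StringIO.new
  build_safe_logger(io).info(%(GET #{SAMPLE_PATH} 200))
  io.string
end

puts demo if __FILE__ == $PROGRAM_NAME
```

The written entry stays on a single line and contains no raw ESC byte, so viewing it with `cat` or `tail` shows the sequence as text instead of executing it in the terminal.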