ALAS2-2022-1895 --- pcs
ID: oval:org.secpod.oval:def:1701082 | Date: (C)2022-12-08 (M)2024-02-19 | Class: PATCH | Family: unix
A denial of service flaw was found in ruby-rack. An attacker who crafts multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service.

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. These escape sequences can be leveraged to execute commands in the victim's terminal.