openEuler Security Advisory: openEuler-SA-2022-1729
rubygem-rack security update

Issuer: openEuler security committee (openeuler-security@openeuler.org)
Status: Final
Version: 1.0
Initial release date: 2022-07-01
Current release date: 2022-07-01
Revision history: 1.0, 2022-07-01, Initial
Generator: openEuler SA Tool V1.0, 2022-07-01
Severity: High
Affected product: rubygem-rack

Summary

An update for rubygem-rack is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.

Description

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Security Fix(es):

- Denial of Service Vulnerability in Rack Multipart Parsing (CVE-2022-30122)
- Possible shell escape sequence injection vulnerability in Rack (CVE-2022-30123)
- A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. (CVE-2020-8184)

An update for rubygem-rack is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

References

- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1729
- https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-30122
- https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-30123
- https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-8184
- https://nvd.nist.gov/vuln/detail/CVE-2022-30122
- https://nvd.nist.gov/vuln/detail/CVE-2022-30123
- https://nvd.nist.gov/vuln/detail/CVE-2020-8184

Affected products

- openEuler-20.03-LTS-SP1
- openEuler-20.03-LTS-SP3
- openEuler-22.03-LTS

Updated packages

openEuler-20.03-LTS-SP1 (noarch):
- rubygem-rack-help-2.2.3.1-1.oe1.noarch.rpm
- rubygem-rack-2.2.3.1-1.oe1.noarch.rpm

openEuler-20.03-LTS-SP3 (noarch):
- rubygem-rack-2.2.3.1-1.oe1.noarch.rpm
- rubygem-rack-help-2.2.3.1-1.oe1.noarch.rpm

openEuler-22.03-LTS (noarch):
- rubygem-rack-help-2.2.3.1-1.oe2203.noarch.rpm
- rubygem-rack-2.2.3.1-1.oe2203.noarch.rpm

Source packages:
- openEuler-20.03-LTS-SP1: rubygem-rack-2.2.3.1-1.oe1.src.rpm
- openEuler-20.03-LTS-SP3: rubygem-rack-2.2.3.1-1.oe1.src.rpm
- openEuler-22.03-LTS: rubygem-rack-2.2.3.1-1.oe2203.src.rpm

Vulnerabilities

1. CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing
   Release date: 2022-07-01
   Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS
   Severity: Medium
   CVSS base score: 6.5
   CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   Remediation: rubygem-rack security update, 2022-07-01
   https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1729

2. CVE-2022-30123: Possible shell escape sequence injection vulnerability in Rack
   Release date: 2022-07-01
   Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS
   Severity: High
   CVSS base score: 7.5
   CVSS vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
   Remediation: rubygem-rack security update, 2022-07-01
   https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1729

3. CVE-2020-8184: A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
   Release date: 2022-07-01
   Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS
   Severity: High
   CVSS base score: 7.5
   CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
   Remediation: rubygem-rack security update, 2022-07-01
   https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1729