Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xd2Z2LTVqd2otNTgyaM4AATiT
Opencast RCE Vulnerability
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module, resulting in arbitrary code execution. The issue is fixed in 2.3.3 and 3.0.
Permalink: https://github.com/advisories/GHSA-qwfv-5jwj-582h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xd2Z2LTVqd2otNTgyaM4AATiT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 7 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-qwfv-5jwj-582h, CVE-2017-1000217
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000217
- https://groups.google.com/a/opencast.org/forum/#!topic/security-notices/sCpt0pIPEFg
- https://github.com/opencast/opencast/commit/2d42e42f3cfcff3a775a2538f735fca8542ce1fc
- https://github.com/opencast/opencast/commit/fba2f35df24ce2aeaff627200065cbade9b3a0cd
- https://github.com/advisories/GHSA-qwfv-5jwj-582h
Blast Radius: 0.0
Affected Packages
maven:org.opencastproject:base
Dependent packages: 0
Dependent repositories: 1
Downloads:
Affected Version Ranges: <= 2.3.2
Fixed in: 2.3.3
All affected versions:
All unaffected versions: