CVE-2017-1000217
HIGH8.8EPSS 0.69%Opencast RCE Vulnerability
Published: 5/14/2022Modified: 11/8/2023
Also known as:GHSA-qwfv-5jwj-582h
Description
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
Affected packages (1)
- Maven/org.opencastproject:basefrom 0, < 2.3.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000217
- PATCHhttps://github.com/opencast/opencast
- WEBhttps://github.com/opencast/opencast/commit/2d42e42f3cfcff3a775a2538f735fca8542ce1fc
- WEBhttps://github.com/opencast/opencast/commit/fba2f35df24ce2aeaff627200065cbade9b3a0cd
- WEBhttps://groups.google.com/a/opencast.org/forum/#!topic/security-notices/sCpt0pIPEFg