CVE-2017-1000217
HIGH8.8EPSS 0.69%Opencast RCE Vulnerability
發布日:2022/5/14修改日:2023/11/8
描述
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
受影響套件(1)
- Maven/org.opencastproject:basefrom 0, < 2.3.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000217
- PATCHhttps://github.com/opencast/opencast
- WEBhttps://github.com/opencast/opencast/commit/2d42e42f3cfcff3a775a2538f735fca8542ce1fc
- WEBhttps://github.com/opencast/opencast/commit/fba2f35df24ce2aeaff627200065cbade9b3a0cd
- WEBhttps://groups.google.com/a/opencast.org/forum/#!topic/security-notices/sCpt0pIPEFg