Описание
Opencast RCE Vulnerability
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000217
- https://github.com/opencast/opencast/commit/2d42e42f3cfcff3a775a2538f735fca8542ce1fc
- https://github.com/opencast/opencast/commit/fba2f35df24ce2aeaff627200065cbade9b3a0cd
- https://groups.google.com/a/opencast.org/forum/#!topic/security-notices/sCpt0pIPEFg
Пакеты
Наименование
org.opencastproject:base
maven
Затронутые версииВерсия исправления
<= 2.3.2
2.3.3
Связанные уязвимости
CVSS3: 8.8
nvd
около 8 лет назад
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.