CVE-2021-39183

Опубликовано: 14 дек. 2021

Источник: nvd

CVSS3: 8.2

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player.

Ссылки

https://github.com/owncast/owncast/security/advisories/GHSA-2hfj-cxw7-g45p
Exploit
Patch
Third Party Advisory
https://github.com/owncast/owncast/security/advisories/GHSA-2hfj-cxw7-g45p
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:owncast_project:owncast:*:*:*:*:*:*:*:*

Версия до 0.0.9 (исключая)

EPSS

Процентиль: 55%

0.00326

Низкий

8.2 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2hfj-cxw7-g45p

CVSS3: 8.2

github

около 4 лет назад

Unsafe inline XSS in pasting DOM element into chat

EPSS

Процентиль: 55%

0.00326

Низкий

8.2 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79