CVE-2017-1000217 – org.opencastproject:base

Package

Manager: maven
Name: org.opencastproject:base
Vulnerable Version: >=0 <2.3.3

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00694 pctl0.71006

Details

Opencast RCE Vulnerability Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.

Metadata

Created: 2022-05-14T01:06:17Z
Modified: 2023-10-24T13:17:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qwfv-5jwj-582h/GHSA-qwfv-5jwj-582h.json
CWE IDs: ["CWE-74"]
Alternative ID: GHSA-qwfv-5jwj-582h
Finding: F184
Auto approve: 1