CVE-2017-1000217: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

May 14, 2022 (updated July 26, 2023)

Opencast 2.3.2 and older versions is vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.

References

github.com/advisories/GHSA-qwfv-5jwj-582h
groups.google.com/a/opencast.org/forum/
nvd.nist.gov/vuln/detail/CVE-2017-1000217

Detect and mitigate CVE-2017-1000217 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →