1. Home
  2. Vulnerabilities
  3. CVE-2021-32623

CVE-2021-32623

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.07 % (33th)
0.07% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers The problem has been fixed in Opencast 9.6. There is no known workaround for this issue.

Weaknesses
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2021-06-16 00:15:07
(3 years ago)
Updated Date
2021-06-23 19:55:22
(3 years ago)

Affected Products

Apereo

Configuration #1

    CPE23 From Up To
  Apereo Opencast prior 9.6 version cpe:2.3:a:apereo:opencast < 9.6