CVE-2017-1000217
Opencast RCE Vulnerability
8.8
HIGH
CVSS 3.1
EPSS 0.69%
Description
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
How to fix CVE-2017-1000217
To remediate CVE-2017-1000217, upgrade the affected package to a fixed version below.
- Maven/org.opencastproject:base—upgrade to 2.3.3 or later
Is CVE-2017-1000217 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.3.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |