CVE-2021-32623

MEDIUM Year: 2021
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-776
View all →

Vulnerability Description

Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers The problem has been fixed in Opencast 9.6. There is no known workaround for this issue.

Related Vulnerabilities

CVE-2003-1564

MEDIUM
CVSS:6.5(Medium)

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a cra...

CWE-7762003

CVE-2008-3281

MEDIUM
CVSS:6.5(Medium)

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consu...

CWE-7762008

CVE-2013-6460

MEDIUM
CVSS:6.5(Medium)

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

CWE-7762013

CVE-2013-6461

MEDIUM
CVSS:6.5(Medium)

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

CWE-7762013

CVE-2020-15303

MEDIUM
CVSS:6.5(Medium)

Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.

CWE-7762020

CVE-2020-2172

MEDIUM
CVSS:6.5(Medium)

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CWE-7762020