XXE in Opencast

CVE-2021-32623

Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) den…

EPSS: 0.003 (54.4th percentile).

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.


Frequently asked questions

What is CVE-2021-32623?

CVE-2021-32623 is a high-severity vulnerability in Opencast, classified under Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion). CVSS score: 8.1/10. Published 2021-06-15.

How severe is CVE-2021-32623?

High severity. CVSS v3 base score is 8.1 out of 10.