Opencast versions 13 and 14 encounter infinite loop vulnerability (Critical)

2024-11-21

Platform: Opencast
Version: 13 and 14
Vulnerability: Infinite loop with Elasticsearch queries
Severity: Critical
Date: Not specified

What Undercode Says:

Opencast versions 13 and 14 have a critical vulnerability where the integration with Elasticsearch can generate invalid queries. This results in an infinite loop that causes massive log growth and potential denial-of-service due to disk exhaustion.

Luckily, patches are available for Opencast 13.10 and 14.3 (opencast/opencast#5150 and opencast/opencast#5033). Upgrading to these versions or the latest (16.7) is highly recommended. Upgrading to 16.7 also harmonizes search behavior for a better user experience.

There are currently no identified workarounds for this vulnerability.
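
Because the failure shows up as the same error being logged over and over until the disk fills, it can be detected from the logs before exhaustion. The sketch below is an added example, not Opencast or Undercode code, and it only detects the condition; the log line layout, message text, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout: "<ISO timestamp> | <LEVEL> | <message>" (not Opencast's real format).
LINE_RE = re.compile(r"^(\S+) \| (\w+)\s*\| (.*)$")

def find_log_floods(lines, window=timedelta(seconds=1), threshold=10):
    """Return {message: peak count} for WARN/ERROR messages that repeat at
    least `threshold` times within `window`. Lines must be in time order."""
    recent = defaultdict(deque)  # normalised message -> timestamps still in window
    floods = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) not in ("WARN", "ERROR"):
            continue
        ts = datetime.fromisoformat(m.group(1))
        # Collapse numbers so per-attempt counters do not hide the repetition.
        msg = re.sub(r"\d+", "N", m.group(3))
        seen = recent[msg]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            floods[msg] = max(floods.get(msg, 0), len(seen))
    return floods

def constructed_sample():
    """Constructed log lines: 25 identical query errors 10 ms apart, plus noise."""
    t0 = datetime(2024, 11, 21, 10, 0, 0)
    def stamp(i):
        return (t0 + timedelta(milliseconds=10 * i)).isoformat(timespec="milliseconds")
    lines = [f"{stamp(0)} | INFO  | Indexed event 1001"]
    lines += [f"{stamp(i)} | ERROR | Search query failed (attempt {i}): parse error"
              for i in range(1, 26)]
    lines.append(f"{stamp(30)} | ERROR | Connection reset, reconnecting")
    return lines

if __name__ == "__main__":
    for message, peak in find_log_floods(constructed_sample()).items():
        print(f"log flood: {peak} repeats within 1s: {message}")
```

Pairing an alert like this with log rotation size limits and free-space monitoring on the log volume gives time to upgrade before the disk fills.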

References:

Reported By: Github.com
Undercode AI: https://ai.undercodetesting.com
