2024-11-21
Platform: Opencast
Version: 13 and 14
Vulnerability: Infinite loop with Elasticsearch queries
Severity: Critical
Date: Not specified
What Undercode Says:
Opencast versions 13 and 14 have a critical vulnerability where the integration with Elasticsearch can generate invalid queries. This results in an infinite loop that causes massive log growth and potential denial-of-service due to disk exhaustion.
Luckily, patches are available for Opencast 13.10 and 14.3 (opencast/opencast#5150 and opencast/opencast#5033). Upgrading to these versions or the latest (16.7) is highly recommended. Upgrading to 16.7 also harmonizes search behavior for a better user experience.
There are currently no identified workarounds for this vulnerability.
References:
Reported By: Github.com