web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-19T21:14:53
Updated: 2024-08-04T16:48:01.578Z
Reserved: 2020-11-19T00:00:00
Link: CVE-2020-28954
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-11-19T22:15:13.757
Modified: 2024-11-21T05:23:22.510
Link: CVE-2020-28954
Redhat
No data.