CVE-2021-39183

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-39183

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39183.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39183

Aliases

Related

GHSA-2hfj-cxw7-g45p

Published

2021-12-14T20:15:07Z

Modified

2025-01-14T09:33:59.060653Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player.

References

https://github.com/owncast/owncast/security/advisories/GHSA-2hfj-cxw7-g45p

Affected packages

Git / github.com/owncast/owncast

Affected ranges

Type: GIT
Repo: https://github.com/owncast/owncast
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7860fe78dc56dc5b2b6e11011dc1e842fff57890

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8