CVE-2020-28954

Published November 19th, 2020

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.

bigbluebutton/bigbluebutton

A complete web conferencing system for virtual classes and more!

GitHub

9.17K