Ducctrungg

**Name of the Vulnerable Software and Affected Versions** BigBlueButton versions prior to 3.0.13 **Description** BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) issue exists that allows any authenticated user to freeze or crash the server by abusing the polling feature's `Choices` response type. An attacker can submit a malicious payload with a massive array in the `answerIds` field, causing the current meeting – and potentially all meetings on the server – to become unresponsive. The attack leverages the `answerIds` field to overwhelm the server's processing capabilities. **Recommendations** Update to version 3.0.13 or later.

**Name of the Vulnerable Software and Affected Versions** BigBlueButton versions prior to 3.0.13 **Description** BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) condition exists in versions prior to 3.0.13. An authenticated user can disrupt chat functionality for all meeting participants by sending a malformed `reactionEmojiId` within the `chatSendMessageReaction` GraphQL mutation. The vulnerability resides in the handling of the `reactionEmojiId` parameter. **Recommendations** Update to version 3.0.13 or later.