BigBlueButton · BigBlueButton · CVE-2020-28954
**Name of the Vulnerable Software and Affected Versions**
BigBlueButton versions prior to 2.2.29
**Description**
The issue is caused by missing sanitization of certain parameters in the web/controllers/ApiController.groovy file. As a result, control characters are accepted in a user name.
**Recommendations**
For versions prior to 2.2.29, update to version 2.2.29 or later to resolve the issue. As a temporary workaround, consider restricting the input for user names to prevent the acceptance of control characters until a patch is applied.
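One way to apply the temporary workaround in an integration or proxy layer in front of BigBlueButton, shown as an added example (not BigBlueButton's code or its patch): decode the query string first, then reject any user name that contains a Unicode control character. The parameter name `fullName` and the function names are assumptions of this sketch.

```python
import unicodedata
from typing import Tuple
from urllib.parse import parse_qs

# Assumption: the user name travels in a query parameter named "fullName".
# Change NAME_PARAM if your integration passes it under another name.
NAME_PARAM = "fullName"


def has_control_chars(value: str) -> bool:
    """True if value contains a Unicode control character (category Cc).

    Cc covers C0 (U+0000-U+001F), DEL (U+007F) and C1 (U+0080-U+009F),
    so NUL, TAB, CR, LF and ESC are all caught.
    """
    return any(unicodedata.category(ch) == "Cc" for ch in value)


def check_user_name(query_string: str) -> Tuple[bool, str]:
    """Validate the user name in a raw, still percent-encoded query string.

    Returns (allowed, reason). The check runs on the decoded value so that
    encoded forms such as %0A or %1B are seen as the characters they become.
    """
    try:
        params = parse_qs(query_string, keep_blank_values=True,
                          errors="strict")
    except UnicodeDecodeError:
        return False, "user name is not valid UTF-8"

    names = params.get(NAME_PARAM, [])
    if len(names) != 1:
        # Missing or repeated parameter: refuse rather than guess which
        # value the backend would pick.
        return False, "expected exactly one user name parameter"

    name = names[0]
    if not name.strip():
        return False, "user name is empty"
    if has_control_chars(name):
        return False, "user name contains control characters"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample query strings, not taken from real traffic.
    for qs in ("meetingID=m1&fullName=Alice+Smith", "fullName=Alice%0ABob"):
        print(qs, "->", check_user_name(qs))
```

Requests that fail the check should be rejected before they are forwarded to the API, and the filter can be removed once the server runs 2.2.29 or later.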