Velocity Engine Apache Velocity Engine

Do you want an email whenever new security vulnerabilities are reported in Apache Velocity Engine?

By the Year

In 2022 there have been 0 vulnerabilities in Apache Velocity Engine . Last year Velocity Engine had 1 security vulnerability published. Right now, Velocity Engine is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 1 8.80
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Velocity Engine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Velocity Engine Security Vulnerabilities

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container

CVE-2020-13936 8.8 - High - March 10, 2021

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Retail Xstore Office Cloud Service or by Apache? Click the Watch button to subscribe.

Apache
Vendor

subscribe