Velocity Engine Apache Velocity Engine

Do you want an email whenever new security vulnerabilities are reported in Apache Velocity Engine?

By the Year

In 2023 there have been 0 vulnerabilities in Apache Velocity Engine . Velocity Engine did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 0 0.00
2021 1 8.80
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Velocity Engine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Velocity Engine Security Vulnerabilities

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container

CVE-2020-13936 8.8 - High - March 10, 2021

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Retail Xstore Office Cloud Service or by Apache? Click the Watch button to subscribe.

Apache
Vendor

subscribe