Apache Velocity Engine
By the Year
In 2024 there have been 0 vulnerabilities in Apache Velocity Engine . Velocity Engine did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Velocity Engine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Velocity Engine Security Vulnerabilities
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container
CVE-2020-13936
8.8 - High
- March 10, 2021
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Retail Xstore Office Cloud Service or by Apache? Click the Watch button to subscribe.
