Security Advisory

CVE-2020-13936

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-10 08:00:19

Last updated 2025-02-13 16:27:29

Assigner apache

State PUBLISHED

Description

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

← Browse all CVEs View on cve.org ↗