CVE-2020-13936

Priority
Description
An attacker that is able to modify Velocity templates may execute arbitrary
Java code or run arbitrary system commands with the same privileges as the
account running the Servlet container. This applies to applications that
allow untrusted users to upload/modify velocity templates running Apache
Velocity Engine versions up to 2.2.
Notes
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
More Information

Updated: 2022-04-25 00:46:32 UTC (commit ecc1009cb19540b950de59270950018900f37f15)