Description
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Statement
The OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component, which is an enterprise-only feature of Elasticsearch; hence it has been marked as wontfix at this time and may be fixed in a future release. Additionally, the hive container only references velocity in the testutils of the code, but the code still exists in the container, so it has been given a Moderate impact.
- Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.
- Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.
- Although velocity shipped in Red Hat Enterprise Linux 8's pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | velocity | Not affected | | |
| Red Hat AMQ Broker 7 | velocity | Not affected | | |
| Red Hat BPM Suite 6 | velocity | Out of support scope | | |
| Red Hat CodeReady Studio 12 | velocity | Affected | | |
| Red Hat Decision Manager 7 | velocity | Affected | | |
| Red Hat Enterprise Linux 6 | velocity | Not affected | | |
| Red Hat Enterprise Linux 7 | velocity | Out of support scope | | |
| Red Hat Enterprise Linux 8 | pki-deps:10.6/velocity | Fix deferred | | |
| Red Hat JBoss A-MQ 6 | velocity | Out of support scope | | |
| Red Hat JBoss BRMS 6 | velocity | Out of support scope | | |
Additional information
Status:
EPSS
CVSS3: 8.8 High