Количество 10
Количество 10
CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbi ...
openSUSE-SU-2021:0447-1
Security update for velocity
SUSE-SU-2025:0719-1
Recommended update for Maven
SUSE-SU-2021:0800-1
Security update for velocity
GHSA-59j4-wjwp-mw9m
Sandbox Bypass in Apache Velocity Engine
BDU:2022-00278
Уязвимость механизма шаблонов на основе Java velocity, связанная с неверным управлением генерацией кода, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
SUSE-SU-2022:3397-1
Security update for snakeyaml
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | CVSS3: 8.8 | 16% Средний | почти 5 лет назад |
 | CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | CVSS3: 8.8 | 16% Средний | почти 5 лет назад |
 | CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | CVSS3: 8.8 | 16% Средний | почти 5 лет назад |
| CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbi ... | CVSS3: 8.8 | 16% Средний | почти 5 лет назад |
 | openSUSE-SU-2021:0447-1 Security update for velocity | 16% Средний | почти 5 лет назад | |
| SUSE-SU-2025:0719-1 Recommended update for Maven | 16% Средний | 12 месяцев назад | |
| SUSE-SU-2021:0800-1 Security update for velocity | 16% Средний | почти 5 лет назад | |
| GHSA-59j4-wjwp-mw9m Sandbox Bypass in Apache Velocity Engine | CVSS3: 8.8 | 16% Средний | около 4 лет назад |
 | BDU:2022-00278 Уязвимость механизма шаблонов на основе Java velocity, связанная с неверным управлением генерацией кода, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании | CVSS3: 8.8 | 16% Средний | почти 5 лет назад |
| SUSE-SU-2022:3397-1 Security update for snakeyaml | больше 3 лет назад |
Уязвимостей на страницу