High severityNVD Advisory· Published Mar 10, 2021· Updated Feb 13, 2025
Velocity Sandbox Bypass
CVE-2020-13936
Description
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.velocity:velocity-engine-parentMaven | < 2.3 | 2.3 |
org.apache.velocity:velocityMaven | <= 1.7 | — |
Affected products
156- ghsa-coords155 versionspkg:maven/org.apache.velocity/velocitypkg:maven/org.apache.velocity/velocity-engine-parentpkg:rpm/opensuse/maven-dependency-analyzer&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-dependency-plugin&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-doxia&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-doxia-sitetools&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-invoker&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-invoker-plugin&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-javadoc-plugin-bootstrap&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-javadoc-plugin&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-parent&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-plugin-plugin-bootstrap&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-plugin-plugin&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-plugin-tools&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-reporting-api&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-reporting-impl&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-surefire&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-surefire-plugins&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/maven-surefire-provider-junit5&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/plexus-velocity&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/snakeyaml&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/snakeyaml&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/velocity&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/velocity&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/velocity-engine-core&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/maven-doxia&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-doxia&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-doxia-sitetools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/maven-invoker&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-invoker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-javadoc-plugin&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-plugin-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/maven-reporting-api&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-reporting-api&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/maven-surefire&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-surefire&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/maven-surefire-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/plexus-velocity&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/plexus-velocity&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/snakeyaml&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/snakeyaml&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/snakeyaml&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/snakeyaml&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/snakeyaml&distro=SUSE%20Manager%20Server%20Module%204.3pkg:rpm/suse/velocity&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/velocity-engine-core&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/velocity-engine-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
<= 1.7+ 154 more
- (no CPE)range: <= 1.7
- (no CPE)range: < 2.3
- (no CPE)range: < 1.15.1-150200.3.10.3
- (no CPE)range: < 3.8.1-150200.3.10.2
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.8.1-150200.3.6.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 43-150200.3.8.2
- (no CPE)range: < 3.15.1-150200.3.15.2
- (no CPE)range: < 3.15.1-150200.3.15.2
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.4.9.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.7-lp152.5.3.1
- (no CPE)range: < 1.7-9.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.4.18.11
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 2.0.0-150200.3.18.3
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.3.0-150200.3.7.5
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.11.1-150200.4.21.2
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 3.15.1-150200.3.15.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 4.0.0-150200.3.10.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.12
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 3.5.2-150200.3.9.20.2
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 2.1.0-150200.3.10.3
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.12.6.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.7-3.3.1
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- (no CPE)range: < 2.4-150200.5.3.3
- Range: Apache Velocity Engine
Patches
Vulnerability mechanics
References
43- github.com/advisories/GHSA-59j4-wjwp-mw9mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13936ghsaADVISORY
- security.gentoo.org/glsa/202107-52ghsavendor-advisoryx_refsource_GENTOOWEB
- www.openwall.com/lists/oss-security/2021/03/10/1ghsamailing-listx_refsource_MLISTWEB
- lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3Eghsax_refsource_MISCmailing-listx_refsource_MLISTWEB
- lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a@%3Cuser.velocity.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4@%3Cdev.santuario.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6@%3Cannounce.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7@%3Ccommits.turbine.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd@%3Ccommits.druid.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7@%3Cdev.ws.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436@%3Cdev.ws.apache.org%3EghsaWEB
- lists.debian.org/debian-lts-announce/2021/03/msg00019.htmlghsamailing-listx_refsource_MLISTWEB
- www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujan2022.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.