VYPR

Maven package

org.xwiki.commons/xwiki-commons-velocity

pkg:maven/org.xwiki.commons/xwiki-commons-velocity

Vulnerabilities (2)

  • CVE-2024-31996Apr 10, 2024
    affected >= 3.0.1, < 14.10.19fixed 14.10.19

    XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby r

  • CVE-2022-24897May 2, 2022
    affected >= 2.3.0, < 12.6.7fixed 12.6.7

    APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on