Maven package
org.xwiki.commons/xwiki-commons-velocity
pkg:maven/org.xwiki.commons/xwiki-commons-velocity
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-31996 | — | | | >= 3.0.1, < 14.10.19 | 14.10.19 | Apr 10, 2024 | XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby r |
| CVE-2022-24897 | — | | | >= 2.3.0, < 12.6.7 | 12.6.7 | May 2, 2022 | APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on |