Search CVE reports


1 – 2 of 2 results


CVE-2020-13959

Medium priority

Some fixes available 3 of 7

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this...

1 affected package

velocity-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
velocity-tools Not affected Fixed Fixed Fixed

CVE-2020-13936

Medium priority

Some fixes available 3 of 7

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow...

1 affected package

velocity

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
velocity Not affected Fixed Fixed Fixed