pkg:maven/org.xwiki.commons/xwiki-commons-velocity
Type
maven
Namespace
org.xwiki.commons
Name
xwiki-commons-velocity
Known advisories, vulnerabilities and fixes for org.xwiki.commons/xwiki-commons-velocity package.
Critical
1
High
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 12.7.0, < 12.10.3 >= 2.3.0, < 12.6.7 |
CVE-2022-24897
|
 MAVEN:GHSA-CVX5-M8VG-VXGC
|
Arbitrary filesystem write access from velocity. | high |
2022-04-28T21:16:40
(2 years ago) |
|
| Fixed | = 12.10.3 = 12.6.7 |
CVE-2022-24897
|
MAVEN:GHSA-CVX5-M8VG-VXGC
|
Arbitrary filesystem write access from velocity. | high |
2022-04-28T21:16:40
(2 years ago) |
|
| Affected | >= 15.6-rc-1, < 15.9-rc-1 >= 15.0-rc-1, < 15.5.4 >= 3.0.1, < 14.10.19 |
CVE-2024-31996
|
MAVEN:GHSA-HF43-47Q4-FHQ5
|
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution | critical |
2024-04-10T17:16:37
(5 months ago) |
|
| Fixed | = 15.9-rc-1 = 15.5.4 = 14.10.19 |
CVE-2024-31996
|
MAVEN:GHSA-HF43-47Q4-FHQ5
|
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution | critical |
2024-04-10T17:16:37
(5 months ago) |