Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-5120

Upgrade Velocity Engine & Velocity Tools

    XMLWordPrintableJSON

Details

    • Dependency
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 6.0.0
    • Plugin - Velocity
    • None

    Description

      Velocity Engine has known vulnerability:
      CVE-2020-13936: Velocity Sandbox Bypass

      Velocity Tools has known vulnerability:
      CVE-2020-13959: Velocity Tools XSS Vulnerability

      Attachments

        Activity

          People

            Unassigned Unassigned
            lukaszlenart Lukasz Lenart
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: