CVE-2020-13936

An attacker who is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload or modify Velocity templates and that run Apache Velocity Engine versions up to 2.2.
CVSS 3.x base score (provider: NIST, type: primary): 8.8 HIGH
  Attack vector: NETWORK
  Attack complexity: LOW
  Privileges required: LOW
  Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS percentile: 95%
Affected Products (NVD)
(x = vulnerable software versions)

Vendor   Product                                          Vulnerable version(s)
apache   velocity_engine                                  x < 2.3
apache   wss4j                                            2.3.1
debian   debian_linux                                     9.0
oracle   banking_deposits_and_lines_of_credit_servicing   2.12.0
oracle   banking_enterprise_default_management            2.3.0 ≤ x ≤ 2.4.1; 2.6.2; 2.7.1; 2.10.0; 2.12.0
oracle   banking_loans_servicing                          2.12.0
oracle   banking_party_management                         2.7.0
oracle   banking_platform                                 2.3.0 ≤ x ≤ 2.4.1; 2.6.2; 2.7.1
oracle   communications_cloud_native_core_policy          1.14.0
oracle   communications_network_integrity                 7.3.6
oracle   hospitality_token_proxy_service                  19.2
oracle   retail_integration_bus                           19.0.1
oracle   retail_order_broker                              16.0
oracle   retail_service_backbone                          19.0.1
oracle   retail_xstore_office_cloud_service               16.0.6; 17.0.4; 18.0.3; 19.0.2; 20.0.1
oracle   utilities_testing_accelerator                    6.0.0.1.1; 6.0.0.2.2; 6.0.0.3.1
Debian Releases (package: velocity)

Codename   Version   Status
bookworm   1.7-6     fixed
bullseye   1.7-6     fixed
sid        1.7-7     fixed
trixie     1.7-7     fixed
Ubuntu Releases (package: velocity)

Codename   Status         Fixed version
bionic     released       1.7-5ubuntu0.18.04.1~esm1
focal      released       1.7-5+deb9u1build0.20.04.1
groovy     ignored
hirsute    ignored
impish     ignored
jammy      not-affected
kinetic    ignored
lunar      not-affected
trusty     dne
xenial     released       1.7-4ubuntu0.1~esm1
openSUSE / SLES Releases

Each entry lists the package, the fixed version, and the releases that ship that fixed version (status is "fixed" for every release listed).

maven-doxia-core: 2.0.0-150200.4.18.11 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-doxia-module-apt: 2.0.0-150200.4.18.11 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-doxia-module-fml: 2.0.0-150200.4.18.11 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-doxia-module-xdoc: 2.0.0-150200.4.18.11 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-doxia-module-xhtml5: 2.0.0-150200.4.18.11 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-doxia-sink-api: 2.0.0-150200.4.18.11 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-doxia-sitetools: 2.0.0-150200.3.18.3 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-invoker: 3.3.0-150200.3.7.5 on suse enterprise desktop 15 SP6, SP7; suse enterprise sap 15 SP3, SP4, SP5, SP6, SP7; suse enterprise server 15 SP2, SP3, SP4, SP5, SP6, SP7
maven-javadoc-plugin: 3.11.1-150200.4.21.2 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-plugin-annotations: 3.15.1-150200.3.15.12 on suse enterprise desktop 15 SP6; suse enterprise sap 15 SP3, SP4, SP5, SP6; suse enterprise server 15 SP2, SP3, SP4, SP5, SP6
maven-reporting-api: 4.0.0-150200.3.10.12 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-surefire: 3.5.2-150200.3.9.20.12 on suse enterprise desktop 15 SP6, SP7; suse enterprise sap 15 SP3, SP4, SP5, SP6, SP7; suse enterprise server 15 SP2, SP3, SP4, SP5, SP6, SP7
maven-surefire-plugin: 3.5.2-150200.3.9.20.2 on suse enterprise desktop 15 SP6, SP7; suse enterprise sap 15 SP3, SP4, SP5, SP6, SP7; suse enterprise server 15 SP2, SP3, SP4, SP5, SP6, SP7
maven-surefire-provider-junit: 3.5.2-150200.3.9.20.12 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
maven-surefire-provider-testng: 3.5.2-150200.3.9.20.12 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
plexus-velocity: 2.1.0-150200.3.10.3 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5
snakeyaml: 1.31-150200.3.8.1 on suse enterprise desktop 15 SP3, SP4, SP5, SP6, SP7; suse enterprise sap 15 SP3, SP4, SP5, SP6, SP7; suse enterprise server 15 SP3, SP4, SP5, SP6, SP7
velocity: 1.7-3.3.1 on suse enterprise desktop 15 SP3, SP4, SP5; suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP3, SP4, SP5
velocity-engine-core: 2.4-150200.5.3.3 on suse enterprise sap 15 SP3, SP4, SP5; suse enterprise server 15 SP2, SP3, SP4, SP5