MGASA-2021-0183
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 12 Apr 2021, 19:59
Last modified:16 Apr 2026, 04:44
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Apr 2021, 19:59
Published
Vulnerability first disclosed
16 Apr 2026, 04:44
Last Modified
Vulnerability information updated
Description
Updated velocity packages fix security vulnerability An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2 (CVE-2020-13936).
Affected Systems
- mageia•velocity
< 1.7-22.1.mga7
- mageia•velocity
< 1.7-33.1.mga8