Velocity Tools vulnerability

2023-08-1000:00:00

ubuntu.com

ubuntu

remote code execution

apache velocity

7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

Releases

Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

velocity-tools - A subproject of the Apache Velocity project

Details

Jackson Henry discovered that Velocity Tools incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlibvelocity-tools-java< 2.0-7ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchlibvelocity-tools-java-doc< 2.0-7ubuntu0.20.04.1UNKNOWN
Ubuntu18.04noarchlibvelocity-tools-java< 2.0-7ubuntu0.18.04.1~esm1UNKNOWN
Ubuntu18.04noarchlibvelocity-tools-java< 2.0-7UNKNOWN
Ubuntu18.04noarchlibvelocity-tools-java-doc< 2.0-7UNKNOWN
Ubuntu16.04noarchlibvelocity-tools-java< 2.0-4ubuntu0.1~esm1UNKNOWN
Ubuntu16.04noarchlibvelocity-tools-java< 2.0-4UNKNOWN
Ubuntu16.04noarchlibvelocity-tools-java-doc< 2.0-4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.04	noarch	libvelocity-tools-java	< 2.0-7ubuntu0.20.04.1	UNKNOWN
Ubuntu	20.04	noarch	libvelocity-tools-java-doc	< 2.0-7ubuntu0.20.04.1	UNKNOWN
Ubuntu	18.04	noarch	libvelocity-tools-java	< 2.0-7ubuntu0.18.04.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	libvelocity-tools-java	< 2.0-7	UNKNOWN
Ubuntu	18.04	noarch	libvelocity-tools-java-doc	< 2.0-7	UNKNOWN
Ubuntu	16.04	noarch	libvelocity-tools-java	< 2.0-4ubuntu0.1~esm1	UNKNOWN
Ubuntu	16.04	noarch	libvelocity-tools-java	< 2.0-4	UNKNOWN
Ubuntu	16.04	noarch	libvelocity-tools-java-doc	< 2.0-4	UNKNOWN