CVE-2020-13936

Description

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Affected Software
References

Software	From	Fixed in
debian / debian_linux	9.0	9.0.x
apache / wss4j	2.3.1	2.3.1.x
oracle / retail_service_backbone	19.0.1	19.0.1.x
oracle / banking_platform	2.3.0	2.4.1.x
oracle / banking_platform	2.6.2	2.6.2.x
oracle / banking_platform	2.7.1	2.7.1.x
oracle / retail_integration_bus	19.0.1	19.0.1.x
oracle / retail_order_broker	16.0	16.0.x
oracle / communications_network_integrity	7.3.6	7.3.6.x
oracle / communications_cloud_native_core_policy	1.14.0	1.14.0.x
oracle / banking_enterprise_default_management	2.10.0	2.10.0.x
oracle / banking_enterprise_default_management	2.12.0	2.12.0.x
oracle / banking_enterprise_default_management	2.3.0	2.4.1.x
oracle / banking_enterprise_default_management	2.6.2	2.6.2.x
oracle / banking_enterprise_default_management	2.7.1	2.7.1.x
oracle / banking_loans_servicing	2.12.0	2.12.0.x
oracle / banking_party_management	2.7.0	2.7.0.x
oracle / utilities_testing_accelerator	6.0.0.1.1	6.0.0.1.1.x
oracle / utilities_testing_accelerator	6.0.0.2.2	6.0.0.2.2.x
oracle / utilities_testing_accelerator	6.0.0.3.1	6.0.0.3.1.x
oracle / banking_deposits_and_lines_of_credit_servicing	2.12.0	2.12.0.x
apache / velocity_engine	-	2.3
oracle / hospitality_token_proxy_service	19.2	19.2.x
oracle / retail_xstore_office_cloud_service	16.0.6	16.0.6.x
oracle / retail_xstore_office_cloud_service	17.0.4	17.0.4.x
oracle / retail_xstore_office_cloud_service	18.0.3	18.0.3.x
oracle / retail_xstore_office_cloud_service	19.0.2	19.0.2.x
oracle / retail_xstore_office_cloud_service	20.0.1	20.0.1.x
org.apache.velocity / velocity-engine-parent	-	2.3
org.apache.velocity / velocity	-	1.7.x

Severity: High

CVE: CVE-2020-13936
GHSA: GHSA-59j4-wjwp-mw9m
Published: Mar 10, 2021
Updated: Nov 8, 2023
Exploit:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-20

CVE-2020-13936

Description

Details

CVSS v3

CVSS v2

CWEs