org.xwiki.commons:xwiki-commons-velocity

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.xwiki.commons:xwiki-commons-velocitypage 1 of 1

CVE-2022-24897HIGHCVSS 7.5EG 7.5✓ Fixed in 12.10.3
2022-05-02
vulnerable: 12.10 ... 12.9-rc-1 (9 versions)
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File A…
CVE-2024-31996CRITICALCVSS 10.0EG 10.0✓ Fixed in 15.9-rc-1
2024-04-10
vulnerable: 15.6 ... 15.8-rc-1 (6 versions)
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, al…

Check whether org.xwiki.commons:xwiki-commons-velocity is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.xwiki.commons:xwiki-commons-velocity CVEs against the assets you own.

Start Free Scan →