Sign In

CVE-2020-13936

ADVISORY - github

Summary

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

EPSS Score: 0.10626 (0.929)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo

ADVISORY - github

CWE-20

Improper Input Validation

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

(CWE-77|CWE-94)

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2020-13936
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-noinfo

CVSS SCORE

8.8high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-59j4-wjwp-mw9m
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

8.8high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2020-13936
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2020-13936
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.8medium

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2020-13936

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-78CWE-937

CVSS SCORE

8.8high

Amazon

CREATED

UPDATED

ADVISORY IDALAS2-2021-1690
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2020-13936
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
(CWE-77|CWE-94)

CVSS SCORE

8.8high