CVE-2020-13936
Published at:
-
10-03-2021 09:15
Last modified:
-
12-05-2022 04:34
Total changes:
-
22
Description
Common Vulnerability Scoring System (CVSS)
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
Verification logic
Reference
- N/A-Mailing List, Vendor Advisory
- [velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass-Mailing List, Vendor Advisory
- [velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement-Mailing List, Patch, Vendor Advisory
- [announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass-Mailing List, Vendor Advisory
- [oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass-Mailing List, Third Party Advisory
- [druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix-Mailing List, Vendor Advisory
- [debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update-Mailing List, Third Party Advisory
- [ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3-Mailing List, Vendor Advisory
- [ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.html-Mailing List, Patch, Vendor Advisory
- [ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- [ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
- GLSA-202107-52-Third Party Advisory
- [activemq-users] 20210830 Security issues-Mailing List, Vendor Advisory
- [activemq-users] 20210831 RE: Security issues-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Keywords