Himanshu Maurya created AMBARI-25805:
----------------------------------------
Summary: Fix Ambari CVE velocity-1.7.jar
Key: AMBARI-25805
URL: https://issues.apache.org/jira/browse/AMBARI-25805
Project: Ambari
Issue Type: Bug
Reporter: Himanshu Maurya
[CVE-2020-13936|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13936]
An attacker that is able to modify Velocity templates may execute arbitrary
Java code or run arbitrary system commands with the same privileges as the
account running the Servlet container. This applies to applications that allow
untrusted users to upload/modify velocity templates running Apache Velocity
Engine versions up to 2.2.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)