{"url":"http://public2.vulnerablecode.io/api/packages/554056?format=json","purl":"pkg:maven/org.xwiki.commons/xwiki-commons-velocity@5.0-milestone-2","type":"maven","namespace":"org.xwiki.commons","name":"xwiki-commons-velocity","version":"5.0-milestone-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"14.10.19","latest_non_vulnerable_version":"15.9-rc-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43093?format=json","vulnerability_id":"VCID-7sjf-a9xa-bydf","summary":"XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, the HTML escaping of the escaping tool used in XWiki (`$escapetool.html`) does not escape `{`; when the escaped output is rendered in certain places, this allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.4, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, the maintainers are only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability, so patching this document is a workaround for a standard installation. 
Any extension could expose this vulnerability and might thus require patching, too.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31996","reference_id":"","reference_type":"","scores":[{"value":"0.0805","scoring_system":"epss","scoring_elements":"0.92312","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31996"},{"reference_url":"https://github.com/xwiki/xwiki-commons","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xwiki/xwiki-commons"},{"reference_url":"https://github.com/xwiki/xwiki-commons/commit/b0805160ec7b01ee12417e79cb384e60ae4817aa","reference_id":"b0805160ec7b01ee12417e79cb384e60ae4817aa","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-03T14:18:52Z/"}],"url":"https://github.com/xwiki/xwiki-commons/commit/b0805160ec7b01ee12417e79cb384e60ae4817aa"},{"reference_url":"https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a","reference_id":"b94142e2a66ec32e89eacab67c3da8d91f5ef93a","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements"
:"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-03T14:18:52Z/"}],"url":"https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31996","reference_id":"CVE-2024-31996","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31996"},{"reference_url":"https://github.com/xwiki/xwiki-commons/commit/ed7ff515a2436a1c6dcbd0c6ca0c41e434d58915","reference_id":"ed7ff515a2436a1c6dcbd0c6ca0c41e434d58915","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-03T14:18:52Z/"}],"url":"https://github.com/xwiki/xwiki-commons/commit/ed7ff515a2436a1c6dcbd0c6ca0c41e434d58915"},{"reference_url":"https://github.com/advisories/GHSA-hf43-47q4-fhq5","reference_id":"GHSA-hf43-47q4-fhq5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hf43-47q4-fhq5"},{"reference_url":"https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-hf43-47q4-fhq5","reference_id":"GHSA-hf43-47q4-fhq5","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scorin
g_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-03T14:18:52Z/"}],"url":"https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-hf43-47q4-fhq5"},{"reference_url":"https://jira.xwiki.org/browse/XCOMMONS-2828","reference_id":"XCOMMONS-2828","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-03T14:18:52Z/"}],"url":"https://jira.xwiki.org/browse/XCOMMONS-2828"},{"reference_url":"https://jira.xwiki.org/browse/XWIKI-21438","reference_id":"XWIKI-21438","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-03T14:18:52Z/"}],"url":"https://jira.xwiki.org/browse/XWIKI-21438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30298?format=json","purl":"pkg:maven/org.xwiki.commons/xwiki-commons-velocity@14.10.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-velocity@14.10.19"},{"url":"http://public2.vulnerablecode.io/api/packages/30302?format=json","purl":"pkg:maven/org.xwiki.commons/xwiki-commons-velocity@15.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http
://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-velocity@15.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/30300?format=json","purl":"pkg:maven/org.xwiki.commons/xwiki-commons-velocity@15.9-rc-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-velocity@15.9-rc-1"}],"aliases":["CVE-2024-31996","GHSA-hf43-47q4-fhq5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sjf-a9xa-bydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173477?format=json","vulnerability_id":"VCID-tnrw-94ss-73cj","summary":"xwiki-commons-velocity provides the APIs used to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, Velocity scripts are not properly sandboxed: they can use the Java File API to perform read or write operations on the server's filesystem. Writing such an attacking script requires Script rights in XWiki, so not all users can exploit it, and it also requires finding an XWiki API that returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0; note that 12.6.7 and 12.10.3 are still listed as affected by VCID-7sjf-a9xa-bydf (CVE-2024-31996), so 14.10.19 is the next version of this package affected by neither advisory. 
There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24897","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55906","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24897"},{"reference_url":"https://github.com/xwiki/xwiki-commons","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xwiki/xwiki-commons"},{"reference_url":"https://github.com/xwiki/xwiki-commons/pull/127","reference_id":"127","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:18Z/"}],"url":"https://github.com/xwiki/xwiki-commons/pull/127"},{"reference_url":"https://github.com/xwiki/xwiki-commons/commit/215951cfb0f808d0bf5b1097c9e7d1e503449ab8","reference_id":"215951cfb0f808d0bf5b1097c9e7d1e503449ab8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:18Z/"}],"url":"https://github.com/xwiki/xwiki-commons/commit/215951cfb0f808d0bf5b1097c9e7d1e503449ab8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24897","reference_id":"CVE-2022-24897","reference_type":"","scores":[{"value":"7.5","scor
ing_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24897"},{"reference_url":"https://github.com/advisories/GHSA-cvx5-m8vg-vxgc","reference_id":"GHSA-cvx5-m8vg-vxgc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvx5-m8vg-vxgc"},{"reference_url":"https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-cvx5-m8vg-vxgc","reference_id":"GHSA-cvx5-m8vg-vxgc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:18Z/"}],"url":"https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-cvx5-m8vg-vxgc"},{"reference_url":"https://jira.xwiki.org/browse/XWIKI-5168","reference_id":"XWIKI-5168","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:18Z/"}],"url":"https://jira.xwiki.org/browse/XWIKI-5168"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20354?format=json","purl":"pkg:maven/org.xwiki.commons/xwiki-commons-velocity@12.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7sjf-a9xa-bydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-velocity@12.6.7"},{"url":"http://public2.vulnerablecode.i
o/api/packages/20356?format=json","purl":"pkg:maven/org.xwiki.commons/xwiki-commons-velocity@12.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7sjf-a9xa-bydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-velocity@12.10.3"}],"aliases":["CVE-2022-24897","GHSA-cvx5-m8vg-vxgc","GMS-2022-1102"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnrw-94ss-73cj"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-velocity@5.0-milestone-2"}