Amazon Linux 2 Security Advisory: ALAS-2021-1690
Advisory Release Date: 2021-07-14 20:45 Pacific
Advisory Updated Date: 2021-07-15 21:38 Pacific
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-13936)
Run yum update velocity to update your system.