USN-6281-1: Velocity Engine vulnerability
Alvaro Munoz discovered that Velocity Engine incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code.
Source: USN-6281-1: Velocity Engine vulnerability