CVE-2015-0249

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt