Openmrs · Openmrs Htmlformentry Module · CVE-2020-24621
**Name of the Vulnerable Software and Affected Versions**
OpenMRS htmlformentry module versions prior to 3.11.0
**Description**
A remote code execution issue was discovered, allowing a malicious Velocity Template Language file to be written to a directory through path traversal. This file could then be accessed and executed.
**Recommendations**
For versions prior to 3.11.0, update to version 3.11.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Velocity Template Language files to minimize the risk of exploitation.