Apache Wicket
By the Year
In 2024 there have been 0 vulnerabilities in Apache Wicket . Wicket did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.50 |
| 2020 | 1 | 7.50 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Wicket vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Wicket Security Vulnerabilities
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket
CVE-2021-23937
7.5 - High
- May 25, 2021
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slow down request processing of the Apache Wicket application causing a possible denial of service on either the internal infrastructure or the web application itself. This issue affects Apache Wicket Apache Wicket 9.x version 9.2.0 and prior versions; Apache Wicket 8.x version 8.11.0 and prior versions; Apache Wicket 7.x version 7.17.0 and prior versions and Apache Wicket 6.x version 6.2.0 and later versions.
Information Disclosure
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates
CVE-2020-11976
7.5 - High
- August 11, 2020
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5
Files or Directories Accessible to External Parties
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Fortress or by Apache? Click the Watch button to subscribe.
