oss-sec mailing list archives

CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak
From: Pedro Henrique Oliveira dos Santos <pedro () apache org>
Date: Wed, 22 Jan 2025 22:43:04 +0000

Severity: critical

Affected versions:

- Apache Wicket 7.0.0 through 7.18.*
- Apache Wicket 8.0.0-M1 through 8.16.*
- Apache Wicket 9.0.0-M1 through 9.18.*
- Apache Wicket 10.0.0-M1 through 10.2.*

Description:

The request handling in the core of Apache Wicket 7.0.0 on any platform allows an attacker to cause a denial of service (DoS) via multiple requests to server resources.
Users are recommended to upgrade to version 9.19.0 or 10.3.0, which fix this issue.

Credit:

Pedro Santos (finder)

References:

https://wicket.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-53299
