CVE-2020-11976
published 2020-08-11
high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | fortress | — | — |
| apache | wicket | < 7.17.0 | 7.17.0 |
| apache | wicket | — | — |
| apache | wicket | >= 8.0.0 < 8.9.0 | 8.9.0 |