CVE-2024-53299
published 2025-01-23CVE-2024-53299: The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources.
Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | wicket | >= 10.0.0 < 10.3.0 | 10.3.0 |
| apache | wicket | 7.0.0 – 7.18.0 | — |
| apache | wicket | 8.0.0 – 8.16.0 | — |
| apache | wicket | >= 9.0.0 < 9.19.0 | 9.19.0 |
| apache_software_foundation | apache_wicket | 10.0.0-M1 – 10.2.* | — |
| apache_software_foundation | apache_wicket | 7.0.0 – 7.18.* | — |
| apache_software_foundation | apache_wicket | 8.0.0-M1 – 8.16.* | — |
| apache_software_foundation | apache_wicket | 9.0.0-M1 – 9.18.* | — |