195 matches found
GHSA-HHWC-GH8H-9RRP Apache Wicket: Remote code execution via XSLT injection
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...
Apache Wicket: Remote code execution via XSLT injection
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...
CVE-2024-36522 Apache Wicket: Remote code execution via XSLT injection
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...
CVE-2024-36522 Apache Wicket: Remote code execution via XSLT injection
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...
Apache Wicket Injection Vulnerability
Apache Wicket is a set of open source, lightweight, component-based frameworks from the Apache Foundation that provide an object-oriented approach to developing dynamic Web-based UI applications. Apache Wicket suffers from an injection vulnerability that stems from the default configuration of...
The vulnerability of the Java-based web application framework Apache Wicket, related to improper code generation management, allows attackers to gain unauthorized access to protected information, execute arbitrary code, and gain full control over the application.
The vulnerability of the Java-based web application framework Apache Wicket is related to improper code generation management. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information, execute arbitrary code, and gain full contr...
PT-2024-4004 · Apache · Apache Wicket
Name of the Vulnerable Software and Affected Versions: Apache Wicket versions prior to 10.1.0 Apache Wicket versions prior to 9.18.0 Apache Wicket versions prior to 8.16.0 Description: The issue is related to incorrect code generation management in the Apache Wicket framework, allowing a remote...
The vulnerability of the Java-based web application framework Apache Wicket, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.
The vulnerability of the Java-based web application framework Apache Wicket relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...
Cross-Site Request Forgery (CSRF)
Apache Wicket is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is caused due to an error in the evaluation of the fetch metadata headers within FetchMetadataResourceIsolationPolicy.java. This allows an attacker to bypass the Cross-Site Request Forgery CSRF protection mechanism...
CVE-2024-27439
A flaw was found in Apache Wicket. Under certain circumstances, this flaw allows an attacker to bypass Cross-Site Request Forgery CSRF protections...
GHSA-8VVP-525H-CXF9 Cross-Site Request Forgery in Apache Wicket
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...
Cross-Site Request Forgery in Apache Wicket
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...
CVE-2024-27439
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...
CVE-2024-27439 Apache Wicket: Possible bypass of CSRF protection
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...
CVE-2024-27439 Apache Wicket: Possible bypass of CSRF protection
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...
CVE-2024-27439
CVE-2024-27439 affects Apache Wicket. An error in the evaluation of the fetch metadata headers could allow bypassing CSRF protections. The issue is present in Wicket releases 9.1.0 through 9.16.0 and the milestone 10.0 series; Wicket 8.x is not affected. Upgrading to Wicket 9.17.0 or 10.0.0 fixes...
CVE-2024-27439 Apache Wicket: Possible bypass of CSRF protection
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...
Apache Wicket Environment Issue Vulnerability
Apache Wicket is a set of open source, lightweight, component-based frameworks from the Apache Foundation that provide an object-oriented approach to developing dynamic Web-based UI applications. An environmental issue vulnerability exists in Apache Wicket 9.1.0 through 9.16.0, versions prior to...
PT-2024-2472 · Apache · Apache Wicket
Name of the Vulnerable Software and Affected Versions: Apache Wicket versions 9.1.0 through 9.16.0 Apache Wicket milestone releases for the 10.0 series Description: The issue is related to a bypass of the CSRF protection in Apache Wicket due to an error in the evaluation of the fetch metadata...
GHSA-HMHG-95WH-R699 DNS based denial of service in Apache Wicket
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to...