Lucene search
+L

195 matches found

osv
osv
added 2024/07/12 3:31 p.m.45 views

GHSA-HHWC-GH8H-9RRP Apache Wicket: Remote code execution via XSLT injection

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...

9.8CVSS10AI score0.02127EPSS
Exploits0References4
github
github
added 2024/07/12 3:31 p.m.34 views

Apache Wicket: Remote code execution via XSLT injection

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...

9.8CVSS8AI score0.02127EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2024/07/12 12:13 p.m.66 views

CVE-2024-36522 Apache Wicket: Remote code execution via XSLT injection

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...

0.02127EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/07/12 12:13 p.m.33 views

CVE-2024-36522 Apache Wicket: Remote code execution via XSLT injection

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...

8.1AI score0.02127EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/07/12 12:0 a.m.5 views

Apache Wicket Injection Vulnerability

Apache Wicket is a set of open source, lightweight, component-based frameworks from the Apache Foundation that provide an object-oriented approach to developing dynamic Web-based UI applications. Apache Wicket suffers from an injection vulnerability that stems from the default configuration of...

9.8CVSS8.4AI score0.02127EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/06/07 12:0 a.m.8 views

The vulnerability of the Java-based web application framework Apache Wicket, related to improper code generation management, allows attackers to gain unauthorized access to protected information, execute arbitrary code, and gain full control over the application.

The vulnerability of the Java-based web application framework Apache Wicket is related to improper code generation management. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information, execute arbitrary code, and gain full contr...

10CVSS5.9AI score0.02127EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2024/05/27 12:0 a.m.12 views

PT-2024-4004 · Apache · Apache Wicket

Name of the Vulnerable Software and Affected Versions: Apache Wicket versions prior to 10.1.0 Apache Wicket versions prior to 9.18.0 Apache Wicket versions prior to 8.16.0 Description: The issue is related to incorrect code generation management in the Apache Wicket framework, allowing a remote...

9.8CVSS8AI score0.02127EPSS
Exploits0References15
bdu_fstec
bdu_fstec
added 2024/04/02 12:0 a.m.8 views

The vulnerability of the Java-based web application framework Apache Wicket, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.

The vulnerability of the Java-based web application framework Apache Wicket relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...

8.1CVSS6.8AI score0.00681EPSS
Exploits0References4Affected Software1
veracode
veracode
added 2024/03/21 5:49 a.m.33 views

Cross-Site Request Forgery (CSRF)

Apache Wicket is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is caused due to an error in the evaluation of the fetch metadata headers within FetchMetadataResourceIsolationPolicy.java. This allows an attacker to bypass the Cross-Site Request Forgery CSRF protection mechanism...

6.5CVSS6.9AI score0.00681EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2024/03/19 5:26 p.m.45 views

CVE-2024-27439

A flaw was found in Apache Wicket. Under certain circumstances, this flaw allows an attacker to bypass Cross-Site Request Forgery CSRF protections...

8.1CVSS7AI score0.00681EPSS
Exploits0References4
osv
osv
added 2024/03/19 12:30 p.m.20 views

GHSA-8VVP-525H-CXF9 Cross-Site Request Forgery in Apache Wicket

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...

6.5CVSS6.8AI score0.00681EPSS
Exploits0References4
github
github
added 2024/03/19 12:30 p.m.24 views

Cross-Site Request Forgery in Apache Wicket

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...

6.5CVSS6.8AI score0.00681EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2024/03/19 11:15 a.m.28 views

CVE-2024-27439

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...

6.5CVSS6.6AI score0.00681EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/03/19 11:7 a.m.16 views

CVE-2024-27439 Apache Wicket: Possible bypass of CSRF protection

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...

6.9AI score0.00681EPSS
Exploits0References2
cvelist
cvelist
added 2024/03/19 11:7 a.m.33 views

CVE-2024-27439 Apache Wicket: Possible bypass of CSRF protection

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...

6.9AI score0.00681EPSS
Exploits0References2
cve
cve
added 2024/03/19 11:7 a.m.90 views

CVE-2024-27439

CVE-2024-27439 affects Apache Wicket. An error in the evaluation of the fetch metadata headers could allow bypassing CSRF protections. The issue is present in Wicket releases 9.1.0 through 9.16.0 and the milestone 10.0 series; Wicket 8.x is not affected. Upgrading to Wicket 9.17.0 or 10.0.0 fixes...

6.5CVSS6.8AI score0.00681EPSS
Exploits0References2Affected Software1
osv
osv
added 2024/03/19 11:7 a.m.5 views

CVE-2024-27439 Apache Wicket: Possible bypass of CSRF protection

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...

6.5CVSS6.9AI score0.00681EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/03/19 12:0 a.m.6 views

Apache Wicket Environment Issue Vulnerability

Apache Wicket is a set of open source, lightweight, component-based frameworks from the Apache Foundation that provide an object-oriented approach to developing dynamic Web-based UI applications. An environmental issue vulnerability exists in Apache Wicket 9.1.0 through 9.16.0, versions prior to...

6.5CVSS6.7AI score0.00681EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/03/19 12:0 a.m.9 views

PT-2024-2472 · Apache · Apache Wicket

Name of the Vulnerable Software and Affected Versions: Apache Wicket versions 9.1.0 through 9.16.0 Apache Wicket milestone releases for the 10.0 series Description: The issue is related to a bypass of the CSRF protection in Apache Wicket due to an error in the evaluation of the fetch metadata...

7.6CVSS6.8AI score0.00681EPSS
Exploits0References16
osv
osv
added 2022/05/24 7:3 p.m.25 views

GHSA-HMHG-95WH-R699 DNS based denial of service in Apache Wicket

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to...

7.5CVSS7.5AI score0.0426EPSS
Exploits0References11
Rows per page
Query Builder