Apache · Apache Wicket · CVE-2024-36522
**Name of the Vulnerable Software and Affected Versions**
Apache Wicket 10.0.0 (fixed in 10.1.0)
Apache Wicket 9.0.0 through 9.17.0 (fixed in 9.18.0)
Apache Wicket 8.0.0 through 8.15.0 (fixed in 8.16.0)
**Description**
The vulnerability is an improper input validation flaw in the `XSLTResourceStream` class (`org.apache.wicket.util.resource.XSLTResourceStream`) of the Apache Wicket framework. The class applies an XSLT stylesheet to an XML document through a JAXP `TransformerFactory`. When the stylesheet or the document comes from an untrusted source and is used without validation, an attacker can inject XSLT. Xalan-based transformers, including the JDK's built-in XSLTC, evaluate Java extension functions declared in a stylesheet unless secure processing is enabled, so injected XSLT can invoke arbitrary Java classes and methods on the server. The result is remote code execution, which in turn gives access to protected information and full control over the application.
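The following is an added example, not code from this page or from the Apache Wicket project, showing the mechanism in plain JAXP, since that is the transformer `XSLTResourceStream` wraps. A stylesheet constructed to look attacker-supplied declares a Xalan Java extension namespace; the JDK's default `TransformerFactory` evaluates it, while a factory with secure processing enabled and external access disabled refuses it. The class name, the stylesheet and the input document are assumptions made for the demo, and the hardened factory illustrates general JAXP hardening rather than reproducing Wicket's actual patch.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class XsltInjectionDemo {

    // Constructed stand-in for an attacker-supplied stylesheet. The
    // http://xml.apache.org/xalan/java/... namespace tells Xalan-based
    // processors (including the JDK's built-in XSLTC) to resolve the prefix
    // to a Java class, so the select expression becomes a reflective call to
    // java.lang.System.getProperty. Real payloads target java.lang.Runtime
    // the same way; a property read is used here so the demo stays harmless.
    static final String UNTRUSTED_XSLT =
        "<xsl:stylesheet version=\"1.0\""
        + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\""
        + " xmlns:sys=\"http://xml.apache.org/xalan/java/java.lang.System\">"
        + "<xsl:output method=\"text\"/>"
        + "<xsl:template match=\"/\">"
        + "java.version=<xsl:value-of select=\"sys:getProperty('java.version')\"/>"
        + "</xsl:template>"
        + "</xsl:stylesheet>";

    // Constructed input document; its content is irrelevant to the attack.
    static final String INPUT_XML = "<root/>";

    // Vulnerable pattern: a factory with JDK defaults, where secure processing
    // is off and extension functions are therefore allowed.
    static TransformerFactory defaultFactory() {
        return TransformerFactory.newInstance();
    }

    // Hardened pattern (general JAXP hardening, not Wicket's patch): secure
    // processing disables extension functions, and the empty access lists stop
    // xsl:import, xsl:include, document() and DTDs from reaching external URIs.
    static TransformerFactory hardenedFactory() throws TransformerException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    // Compiles the stylesheet and applies it to the document, the same two
    // steps XSLTResourceStream performs internally.
    static String transform(TransformerFactory tf, String xslt, String xml)
            throws TransformerException {
        Transformer t = tf.newTransformer(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // With the default factory the Java call succeeds and its result lands
        // in the output: the stylesheet author has executed server-side code.
        System.out.println("default factory : "
            + transform(defaultFactory(), UNTRUSTED_XSLT, INPUT_XML));

        // With secure processing on, XSLTC refuses the extension function and
        // throws a TransformerException (at compile or at transform time,
        // depending on the JDK), so nothing is invoked.
        try {
            System.out.println("hardened factory: "
                + transform(hardenedFactory(), UNTRUSTED_XSLT, INPUT_XML));
        } catch (TransformerException e) {
            System.out.println("hardened factory: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run it with a stock JDK (`javac XsltInjectionDemo.java && java XsltInjectionDemo`); the first line shows the value the injected Java call returned, the second shows the hardened factory rejecting the same stylesheet. Hardening the factory is defence in depth: the root cause in the advisory is that the stylesheet or document is attacker-controlled at all, so the primary fix is to keep untrusted input away from the transformer, and only then to lock the factory down for the case where that fails. The JDK also honours the system property `jdk.xml.enableExtensionFunctions=false`, which blocks extension functions process-wide without touching application code.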
**Recommendations**
For versions prior to 10.1.0, upgrade to version 10.1.0 to fix the issue.
For versions prior to 9.18.0, upgrade to version 9.18.0 to fix the issue.
For versions prior to 8.16.0, upgrade to version 8.16.0 to fix the issue.
Fixed releases are available, so the workaround that follows is only for deployments that cannot upgrade immediately.
If you cannot upgrade yet, do not pass stylesheets or XML documents from untrusted sources to `org.apache.wicket.util.resource.XSLTResourceStream`; in affected releases the only protection is to keep attacker-controlled data away from that class. Confirm which Wicket version a build actually ships with before deciding (for Maven projects, `mvn dependency:tree` lists the resolved `org.apache.wicket` artifacts), and audit application code that builds its own `javax.xml.transform.TransformerFactory` for the same pattern, since upgrading Wicket only fixes the framework's class.