Pedro Santos

**Name of the Vulnerable Software and Affected Versions** Apache Wicket version 7.0.0 Apache Wicket versions prior to 9.19.0 Apache Wicket versions prior to 10.3.0 **Description** The request handling in the core of Apache Wicket allows an attacker to create a denial of service (DOS) attack via multiple requests to server resources. This issue is caused by a flaw in the request handling mechanism, resulting in a memory leak. To fix this issue, users are recommended to upgrade to patched versions. **Recommendations** For Apache Wicket version 7.0.0, upgrade to version 9.19.0 or 10.3.0 to fix the issue. For Apache Wicket versions prior to 9.19.0, upgrade to version 9.19.0 or later to fix the issue. For Apache Wicket versions prior to 10.3.0, upgrade to version 10.3.0 or later to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Wicket versions 6.x before 6.25.0 Apache Wicket versions 1.5.x before 1.5.17 **Description** The issue allows remote attackers to cause a denial of service, write to, move, and delete files with certain permissions. In specific environments, it may also allow the execution of arbitrary code via a crafted serialized Java object. **Recommendations** For Apache Wicket versions 6.x before 6.25.0, update to version 6.25.0 or later. For Apache Wicket versions 1.5.x before 1.5.17, update to version 1.5.17 or later.