Shawn Mckinney

**Name of the Vulnerable Software and Affected Versions** Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5 **Description** The issue allows an attacker to obtain unprocessed HTML templates by crafting a special URL, potentially exposing sensitive information that is usually removed during rendering. **Recommendations** For Apache Wicket version 7.16.0, update to a version that includes the fix for this issue. For Apache Wicket version 8.8.0, update to a version that includes the fix for this issue. For Apache Wicket version 9.0.0-M5, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive HTML templates until a patch is available.