PT-2024-35717 · Apache · Apache Wicket
Pedro Henrique Oliveira Dos Santos +1 · Published 2024-11-20 · Updated 2025-06-27 · CVE-2024-53299
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Apache Wicket version 7.0.0
Apache Wicket versions prior to 9.19.0
Apache Wicket versions prior to 10.3.0
Description
The request handling in the core of Apache Wicket allows an attacker to cause a denial of service (DoS) by sending multiple requests to server resources. The issue is caused by a flaw in the request handling mechanism that results in a memory leak. To fix this issue, users are recommended to upgrade to patched versions.
Recommendations
For Apache Wicket version 7.0.0, upgrade to version 9.19.0 or 10.3.0 to fix the issue.
For Apache Wicket versions prior to 9.19.0, upgrade to version 9.19.0 or later to fix the issue.
For Apache Wicket versions prior to 10.3.0, upgrade to version 10.3.0 or later to fix the issue.
Fix
DoS
Memory Leak
Improper Resource Release
Resource Exhaustion
Related Identifiers
Affected Products
Apache Wicket