Apache Wicket: An attacker can intentionally trigger a memory leak

GHSA-9cxr-76pm-j3wf · CVE-2024-53299

Published Jan 23, 2025 · Modified Mar 11, 2025

Description

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources.
Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-53299
PACKAGE https://github.com/apache/wicket
WEB https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5
WEB https://wicket.apache.org/news/2025/01/31/wicket-8.17.0-released.html
WEB http://www.openwall.com/lists/oss-security/2025/01/22/12

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes