Moderate severityNVD Advisory· Published Jan 23, 2025· Updated Feb 4, 2025
Apache Wicket: An attacker can intentionally trigger a memory leak
CVE-2024-53299
Description
The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.wicket:wicket-coreMaven | >= 7.0.0, < 8.17.0 | 8.17.0 |
org.apache.wicket:wicket-coreMaven | >= 10.0.0, < 10.3.0 | 10.3.0 |
org.apache.wicket:wicket-coreMaven | >= 9.0.0-M1, < 9.19.0 | 9.19.0 |
Affected products
4- osv-coords3 versionspkg:apk/chainguard/geoserver-2.26-communitypkg:apk/chainguard/geoserver-2.26-dockerpkg:maven/org.apache.wicket/wicket-core
< 2.26.4-r0+ 2 more
- (no CPE)range: < 2.26.4-r0
- (no CPE)range: < 2.26.4-r0
- (no CPE)range: >= 7.0.0, < 8.17.0
- Apache Software Foundation/Apache Wicketv5Range: 7.0.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-9cxr-76pm-j3wfghsaADVISORY
- lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-53299ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/01/22/12ghsaWEB
- wicket.apache.org/news/2025/01/31/wicket-8.17.0-released.htmlghsaWEB
News mentions
0No linked articles in our index yet.