VYPR
Moderate severityNVD Advisory· Published Jan 23, 2025· Updated Feb 4, 2025

Apache Wicket: An attacker can intentionally trigger a memory leak

CVE-2024-53299

Description

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.wicket:wicket-coreMaven
>= 7.0.0, < 8.17.08.17.0
org.apache.wicket:wicket-coreMaven
>= 10.0.0, < 10.3.010.3.0
org.apache.wicket:wicket-coreMaven
>= 9.0.0-M1, < 9.19.09.19.0

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.