CVE-2014-0043 org.apache.wicket:wicket-core

Package

Manager: maven
Name: org.apache.wicket:wicket-core
Vulnerable Version: >=1.5-rc1 <1.5.11 || >=6.0.0-beta1 <6.14.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00786 (percentile: 0.72916)

Details

Apache Wicket allows attackers to check for third-party libraries.

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use.

Metadata

Created: 2022-05-17T00:33:50Z
Modified: 2025-04-23T02:20:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-244g-8368-6wr9/GHSA-244g-8368-6wr9.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-244g-8368-6wr9
Finding: F038
Auto approve: 1