Homepage

org.apache.wicket:wicket-core@1.5-RC4.2 vulnerabilities

  • latest version

    10.3.0

  • latest non vulnerable version

    10.3.0

  • first published

    14 years ago

  • latest version published

    1 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.apache.wicket:wicket-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    org.apache.wicket:wicket-core Affected versions of the package are vulnerable to Information Exposure. By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

    [,1.5.11)[6.0.0,6.14.0)
    • H
    Inadequate Encryption Strength

    org.apache.wicket:wicket-core Affected versions of the package are vulnerable to Inadequate Encryption Strength. With Wicket's default security settings the usage of CryptoMapper to encrypt/obfuscate pages' urls is not strong enough. It is possible to predict the encrypted version of an url based on the previous history.

    [,1.5.13)[6.0.0,6.19.0)[7-alpha,7.0.0-M5)
    • H
    Information Exposure

    org.apache.wicket:wicket-core Affected versions of the package are vulnerable to Information Exposure during the Session Handling process.

    [,1.5.12)[6.0.0,6.16.0)[7-alpha,7.0.0-M3)
    Go back to all versions of this package