Allocation of Resources Without Limits or Throttling Affecting org.apache.wicket:wicket-core package, versions [7.0.0-M1,9.19.0)[10.0.0-M1,10.3.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Allocation of Resources Without Limits or Throttling vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-JAVA-ORGAPACHEWICKET-8660754
- published24 Jan 2025
- disclosed23 Jan 2025
- creditPedro Santos
Introduced: 23 Jan 2025
NewCVE-2024-53299 (opens in a new tab)How to fix?
Upgrade org.apache.wicket:wicket-core to version 9.19.0, 10.3.0 or higher.
Overview
org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to a memory leak that can be triggered by an attacker sending multiple simultaneous requests to the server.