By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an malicious user to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache wicket 9.0.0 |
||
apache fortress 2.0.5 |
||
apache wicket |