Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xN3d4LW1oeDQtanI4cc4AAQz8

Apache Wicket Sensitive Data Exposure

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

Permalink: https://github.com/advisories/GHSA-q7wx-mhx4-jr8q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xN3d4LW1oeDQtanI4cc4AAQz8
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 9 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-q7wx-mhx4-jr8q, CVE-2014-3526
References:

Blast Radius: 24.1

Affected Packages

maven:org.apache.wicket:wicket-core

Dependent packages: 420
Dependent repositories: 1,626
Downloads:
Affected Version Ranges: >= 7.0.0-M1, < 7.0.0-M3, >= 6.0, < 6.17.0, < 1.5.12
Fixed in: 7.0.0-M3, 6.17.0, 1.5.12
All affected versions: 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 6.0.0, 6.1.0, 6.1.1, 6.2.0, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0, 6.8.0, 6.9.0, 6.9.1, 6.10.0, 6.11.0, 6.12.0, 6.13.0, 6.14.0, 6.15.0, 6.16.0, 7.0.0-M1, 7.0.0-M2
All unaffected versions: 1.5.12, 1.5.13, 1.5.14, 1.5.15, 1.5.16, 1.5.17, 6.17.0, 6.18.0, 6.19.0, 6.20.0, 6.21.0, 6.22.0, 6.23.0, 6.24.0, 6.25.0, 6.26.0, 6.27.0, 6.27.1, 6.28.0, 6.29.0, 6.30.0, 7.0.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.8.0, 7.9.0, 7.10.0, 7.11.0, 7.12.0, 7.13.0, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.6.1, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.9.1, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.0, 9.17.0, 10.0.0