GHSA-244g-8368-6wr9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-244g-8368-6wr9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-244g-8368-6wr9/GHSA-244g-8368-6wr9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-244g-8368-6wr9
- Aliases
-
- CVE-2014-0043
- Published
- 2022-05-17T00:33:50Z
- Modified
- 2025-04-23T02:57:31.942084Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Apache Wicket allows attackers to check for third-party libraries
- Details
-
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.
- Database specific
{ "cwe_ids": [ "CWE-200" ], "github_reviewed_at": "2025-04-23T02:20:00Z", "nvd_published_at": "2017-10-03T01:29:00Z", "severity": "MODERATE", "github_reviewed": true }- References
Affected packages
Maven / org.apache.wicket:wicket-core
Package
- Name
- org.apache.wicket:wicket-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.wicket/wicket-core
Maven / org.apache.wicket:wicket-core
Package
- Name
- org.apache.wicket:wicket-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.wicket/wicket-core