CVE-2020-11976

Summary

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5

Affected Software

VendorProductVersion RangeStatus
n/aApache WicketApache Wicket 7.16.0, 8.8.0, 9.0.0-M5affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References