CVE-2024-53299

CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak

Vendor Apache Software Foundation

Product Apache Wicket

Weakness CWE-400

Published January 23, 2025

Last update February 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

Key dates

Disclosure timeline

January 23, 2025 CVE published

February 4, 2025 Record updated

Identifiers

CVE CVE-2024-53299

CWE CWE-400

Affected versions

Vendor Apache Software Foundation

Product Apache Wicket

Affected ≥ 7.0.0 and ≤ 7.18.*

Vendor Apache Software Foundation

Product Apache Wicket

Affected ≥ 8.0.0-M1 and ≤ 8.16.*

Vendor Apache Software Foundation

Product Apache Wicket

Affected ≥ 9.0.0-M1 and ≤ 9.18.*

Vendor Apache Software Foundation

Product Apache Wicket

Affected ≥ 10.0.0-M1 and ≤ 10.2.*