By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2020-08-11T18:15:51
Updated: 2021-06-26T16:06:17
Reserved: 2020-04-21T00:00:00
Link: CVE-2020-11976
JSON object: View
NVD Information
Status : Modified
Published: 2020-08-11T19:15:17.220
Modified: 2023-11-07T03:15:16.920
Link: CVE-2020-11976
JSON object: View
Redhat Information
No data.
CWE