CVE-2020-11976

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/08/2020
Last modified:
17/06/2026

Description

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:fortress:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:* 7.17.0 (excluding)
cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:* 8.0.0 (including) 8.9.0 (excluding)
cpe:2.3:a:apache:wicket:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:wicket:9.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:wicket:9.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:wicket:9.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:wicket:9.0.0:milestone5:*:*:*:*:*:*


References to Advisories, Solutions, and Tools