Shawn McKinney created FC-293:
---------------------------------

             Summary: [fortress-web] CVE-2020-11976
                 Key: FC-293
                 URL: https://issues.apache.org/jira/browse/FC-293
             Project: FORTRESS
          Issue Type: Improvement
            Reporter: Shawn McKinney


h5. [CVE-2020-11976|https://github.com/advisories/GHSA-64gv-3pqv-299h]
 high severity 
*Vulnerable versions:* >= 8.0.0, < 8.9.0
*Patched version:* 8.9.0
By crafting a special URL, it is possible to make Wicket deliver unprocessed 
HTML templates. This would allow an attacker to see possibly sensitive 
information inside an HTML template that is usually removed during rendering. 
Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
