Severity: critical Affected versions:
- Apache Wicket 7.0.0 through 7.18.* - Apache Wicket 8.0.0-M1 through 8.16.* - Apache Wicket 9.0.0-M1 through 9.18.* - Apache Wicket 10.0.0-M1 through 10.2.* Description: The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue. Credit: (finder) References: https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5 https://wicket.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-53299
