CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak

Description

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources.
Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

Classification

CVE ID: CVE-2024-53299

Affected Products

Vendor: Apache Software Foundation

Product: Apache Wicket

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-21 (when was this score calculated)

References

https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5

Timeline

2025-01-23 23:15:19 UTC
Github Advisory Database (Maven)

[org.apache.wicket:wicket-core] Apache Wicket: An attacker can intentionally trigger a memory leak
2025-01-24 00:30:30 UTC
CVE

Apache Wicket: An attacker can intentionally trigger a memory leak