Vulnerabilities > Apache > Wicket > 7.16.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-25 CVE-2021-23937 Information Exposure vulnerability in Apache Wicket
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized.
network
low complexity
apache CWE-200
7.5
7.5
2020-08-11 CVE-2020-11976 Files or Directories Accessible to External Parties vulnerability in Apache Fortress and Wicket
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates.
network
low complexity
apache CWE-552
7.5
7.5