Vulnerabilities > Apache > Wicket > 7.4.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-25 CVE-2021-23937 Information Exposure vulnerability in Apache Wicket
A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized.
network
low complexity
apache CWE-200
7.5
7.5
2020-08-11 CVE-2020-11976 Files or Directories Accessible to External Parties vulnerability in Apache Fortress and Wicket
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates.
network
low complexity
apache CWE-552
7.5
7.5
2017-10-03 CVE-2016-6806 Cross-Site Request Forgery (CSRF) vulnerability in Apache Wicket
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests.
network
low complexity
apache CWE-352
8.8
8.8