Apache Wicket Vulnerability 

Issue date: 07-05-2025
Affects versions: 15.7

Security Issue ID

SECURITY-592

 

Affected Product Version(s)

15.7.1 (and previous patch releases)

 

Severity 

High

 

Description

CVE-2024-53299

The request handling in the core of Apache Wicket 7.0.0 on any platform allows an attacker to cause a denial of service (DoS) via multiple requests to server resources. Users are recommended to upgrade to version 9.19.0 or 10.3.0, which fix this issue.

CVSS v3 Base Score: N/A

CWE-400: Uncontrolled Resource Consumption

Instructions

Customers are recommended to upgrade to the latest version, which at the time of writing is 15.7.2 or 16.3.0.