The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources.
Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

Affected Packages

Maven org.apache.wicket:wicket-core

Affected versions: 7.0.0 (fixed in 8.17.0)

Maven org.apache.wicket:wicket-core

Affected versions: 10.0.0 (fixed in 10.3.0)

Maven org.apache.wicket:wicket-core

Affected versions: 9.0.0-M1 (fixed in 9.19.0)

Related CVEs

CVE-2024-53299

Key Information

GHSA ID

GHSA-9cxr-76pm-j3wf

Published

January 23, 2025 9:31 AM

Last Modified

March 11, 2025 4:24 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.wicket:wicket-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 10, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.