CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
org.apache.wicket:wicket-core is vulnerable to Remote Code Execution (RCE). The cause is an unsafe default XML parsing configuration, which lets an attacker inject malicious code through a crafted XSLT document and execute arbitrary commands on the server.
www.openwall.com/lists/oss-security/2024/07/12/2
github.com/advisories/GHSA-hhwc-gh8h-9rrp
github.com/apache/wicket/commit/3119dc5ec33cc200f8b5410af44f68dc01c0598d
github.com/apache/wicket/commit/bc7dcc3f5bfbb3a41ab407d53ba5e0af3d3453a0
github.com/apache/wicket/commit/d1f6e5c08875916d0308e3cb8d11db600fd7426b
lists.apache.org/thread/w613qh7yors840pbx00l1pq6wkl9jzkc