  1. FORTRESS
  2. FC-293

[fortress-web] CVE-2020-11976


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.5
    • 2.0.6
    • None

    Description

      CVE-2020-11976

      high severity
      Vulnerable versions: >= 8.0.0, < 8.9.0
      Patched version: 8.9.0
      By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5.

          People

            smckinney Shawn McKinney