Summary: A denial-of-service vulnerability (CVE-2024-53299) has been disclosed in Apache Wicket, a Java web application framework. An attacker can trigger a server-side memory leak; because the leaked memory is never reclaimed, sustained requests eventually exhaust the server's heap and leave the application unresponsive, disrupting whatever business process depends on it. The flaw affects the 7.x, 8.x, 9.x and 10.x release lines. The Apache Wicket team has released fixed versions and urges users to upgrade without delay.
Affected: Apache Wicket framework (versions 7.0.0 – 7.18.*, 8.0.0-M1 – 8.16.*, 9.0.0-M1 – 9.18.*, 10.0.0-M1 – 10.2.*)
Key points:
- An attacker can trigger a memory leak on the server. The leaked memory is not released, so a stream of triggering requests drives the heap towards exhaustion until the application stops responding (denial of service).
- Affected versions span Wicket 7.0.0 through 10.2.*, covering four major release lines, so every Wicket deployment that has not already moved to 9.19.0 or 10.3.0 is in scope.
- Upgrade to 9.19.0 (9.x line) or 10.3.0 (10.x line). No fixed release is listed for the 7.x and 8.x lines, so deployments on those branches need to migrate to 9.19.0 or 10.3.0 rather than wait for a branch patch.
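As an added example (not part of the original advisory and not Apache Wicket project code), the following Python script checks a Wicket version string against the affected ranges listed above and, given `mvn dependency:list` output, flags the affected `org.apache.wicket` artifacts together with the release to move to. The Maven output lines it scans are constructed for illustration; version ordering follows Maven's convention that a milestone such as `10.0.0-M1` precedes the final `10.0.0` release.

```python
"""Check Apache Wicket versions against the ranges listed for CVE-2024-53299."""
import re
from typing import List, Optional, Tuple

# Affected ranges exactly as the advisory lists them:
# (first affected version, last affected major.minor; any patch level of that minor is affected).
AFFECTED_RANGES = [
    ("7.0.0", (7, 18)),
    ("8.0.0-M1", (8, 16)),
    ("9.0.0-M1", (9, 18)),
    ("10.0.0-M1", (10, 2)),
]

# Fixed releases named by the advisory. No fixed release is listed for 7.x and 8.x.
FIXED_RELEASES = {9: "9.19.0", 10: "10.3.0"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' or 'MAJOR.MINOR.PATCH-Mn' into a sortable tuple.

    Milestones sort before the final release they precede, as in Maven:
    10.0.0-M1 < 10.0.0-M2 < 10.0.0 < 10.0.1. The fourth field is 0 for a
    milestone and 1 for a final release so plain tuple comparison gets this right.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Wicket version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> bool:
    """True if the version lies inside any of the advisory's affected ranges."""
    v = parse_version(version)
    for first, (last_major, last_minor) in AFFECTED_RANGES:
        if parse_version(first) <= v and (v[0], v[1]) <= (last_major, last_minor):
            return True
    return False


def recommended_upgrade(version: str) -> Optional[str]:
    """Return the release to move to, or None if the version is not affected."""
    if not is_affected(version):
        return None
    major = parse_version(version)[0]
    # 9.x and 10.x have an in-branch fix; 7.x and 8.x have none, so the only
    # listed way out of those branches is to migrate to a fixed one.
    return FIXED_RELEASES.get(major, "9.19.0 or 10.3.0")


# Matches the resolved-artifact lines printed by `mvn dependency:list`.
_MAVEN_DEP_RE = re.compile(
    r"org\.apache\.wicket:(?P<artifact>[\w-]+):(?:jar|pom):(?P<version>[\w.-]+):"
)


def audit_maven_dependency_list(
    lines: List[str],
) -> List[Tuple[str, str, bool, Optional[str]]]:
    """Scan `mvn dependency:list` output for Wicket artifacts and flag affected ones.

    Returns (artifact, version, affected, recommended upgrade) per Wicket artifact.
    Lines whose version does not parse (e.g. SNAPSHOT builds) are skipped.
    """
    findings = []
    for line in lines:
        m = _MAVEN_DEP_RE.search(line)
        if not m:
            continue
        artifact, version = m.group("artifact"), m.group("version")
        try:
            affected = is_affected(version)
        except ValueError:
            continue
        findings.append((artifact, version, affected, recommended_upgrade(version)))
    return findings


# Constructed sample of `mvn dependency:list` output (not captured from a real build).
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.wicket:wicket-core:jar:9.18.0:compile
[INFO]    org.apache.wicket:wicket-util:jar:9.18.0:compile
[INFO]    org.apache.wicket:wicket-request:jar:9.18.0:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.36:compile
""".splitlines()


if __name__ == "__main__":
    for artifact, version, affected, target in audit_maven_dependency_list(SAMPLE_DEPENDENCY_LIST):
        status = f"AFFECTED, upgrade to {target}" if affected else "not affected"
        print(f"{artifact} {version}: {status}")
```

Feed it the output of `mvn dependency:list` rather than the raw `pom.xml`: the Wicket version is often inherited from a parent POM or a BOM, so only the resolved dependency list shows the version actually on the classpath. Transitive pulls of `wicket-core` through another library are caught the same way.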