Earlier versions are affected too.

Martin Grigorov
Wicket Training and Consulting

On Fri, Feb 21, 2014 at 4:13 PM, Nick Pratt <[email protected]> wrote:

> Martin
>
> Is this specific to 6.13 or does the problem exist in earlier Wicket
> versions on the 6.x branch?
>
> Regards
>
> Nick
>
>
> On Fri, Feb 21, 2014 at 7:49 AM, Martin Grigorov <[email protected]> wrote:
>
> > Severity: Important
> >
> > Vendor:
> > The Apache Software Foundation
> >
> > Affected versions:
> > Apache Wicket 1.5.10 and 6.13.0
> >
> > Description CVE-2014-0043 <https://wicket.apache.org/2014/02/06/cve-2014-0043.html>:
> >
> > By issuing requests to special urls handled by Wicket it is possible to
> > check for the existence of particular classes in the classpath and thus
> > check whether a third party library with a known security vulnerability is
> > in use.
> >
> > The application developers are recommended to upgrade to:
> > - Apache Wicket 1.5.11 <https://wicket.apache.org/2014/02/06/wicket-1.5.11-released.html>
> > - Apache Wicket 6.14.0 <https://wicket.apache.org/2013/05/17/wicket-6.14.0-released.html>
> >
> > Credit:
> > This issue was reported by Christian Schneider!
> >
> > Apache Wicket Team
