CVE-2024-27439: Apache Wicket: Possible bypass of CSRF protection

Open Source Security

Posted by Emond Papegaaij on Mar 19

Severity: moderate

Affected versions:

– Apache Wicket 9.1.0 through 9.16.0
– Apache Wicket 10.0.0-M1 before 10.0.0

Description:

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket.
This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series.
Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as…
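
To check a dependency list against the affected ranges stated above, the following added example (not part of the advisory or of Apache Wicket) classifies Wicket versions found in `mvn dependency:list` output. The sample lines are constructed, and the `X.Y.Z` / `X.Y.Z-Mn` version format is an assumption; any other version string is reported as `None` for manual review.

```python
import re

# Constructed sample of `mvn dependency:list` output (not real project data).
SAMPLE = """\
[INFO]    org.apache.wicket:wicket-core:jar:9.12.0:compile
[INFO]    org.apache.wicket:wicket-util:jar:10.0.0-M2:compile
[INFO]    org.apache.wicket:wicket-core:jar:10.0.0:compile
[INFO]    org.apache.wicket:wicket-core:jar:8.14.0:compile
[INFO]    org.slf4j:slf4j-api:jar:2.0.9:compile
""".splitlines()

DEP_RE = re.compile(r"org\.apache\.wicket:([\w.-]+):jar:([^:\s]+):\w+")


def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Z-Mn' into a sortable tuple, or None if unrecognised."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", text.strip())
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is not None:
        # Milestones sort before the final release of the same X.Y.Z.
        return (major, minor, patch, 0, int(m.group(4)))
    return (major, minor, patch, 1, 0)


def is_affected(text):
    """True/False per the advisory's ranges; None when the version needs manual review."""
    v = parse_version(text)
    if v is None:
        return None
    # "Apache Wicket 9.1.0 through 9.16.0" (inclusive on both ends)
    in_9x = parse_version("9.1.0") <= v <= parse_version("9.16.0")
    # "Apache Wicket 10.0.0-M1 before 10.0.0" (10.0.0 itself excluded)
    in_10_milestones = parse_version("10.0.0-M1") <= v < parse_version("10.0.0")
    return in_9x or in_10_milestones


def scan(lines):
    """Return (artifact, version, affected) for every Wicket artifact in the listing."""
    return [(m.group(1), m.group(2), is_affected(m.group(2)))
            for m in map(DEP_RE.search, lines) if m]


if __name__ == "__main__":
    for artifact, version, affected in scan(SAMPLE):
        print(f"{artifact} {version}: affected={affected}")
```
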