Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/65522?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65522?format=api", "vulnerability_id": "VCID-2w3q-f5uq-sbau", "summary": "FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName\n before constructing file paths, allowing an unauthenticated attacker to\n write arbitrary files outside the intended upload directory or read \nfiles from arbitrary locations on the server.\n\nThis issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.\n\nUsers are recommended to upgrade to version 10.9.0, which fixes the issue.", "aliases": [ { "alias": "CVE-2026-43975" }, { "alias": "GHSA-3gmf-p6r4-q8m6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1060172?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.18.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.18.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060191?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.23.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.23.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/375950?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.9.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/561328?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-w2t8-hjva-qubh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M1" }, { "url": "http://public2.vulnerablecode.io/api/packages/386499?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060162?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060163?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060164?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060165?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060166?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060167?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060168?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0-M9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0-M9" }, { "url": "http://public2.vulnerablecode.io/api/packages/23406?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504970?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504971?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504972?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504973?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504974?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504975?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504976?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/504977?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/466519?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/383588?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504978?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504979?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/23407?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060169?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060170?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060171?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.15.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/729298?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/377071?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@8.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@8.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/383589?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.0.0-M1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-vduv-s1fd-wqg1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.0.0-M1" }, { "url": "http://public2.vulnerablecode.io/api/packages/383590?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.0.0-M2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.0.0-M2" }, { "url": "http://public2.vulnerablecode.io/api/packages/383591?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.0.0-M3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.0.0-M3" }, { "url": "http://public2.vulnerablecode.io/api/packages/383592?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.0.0-M4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.0.0-M4" }, { "url": "http://public2.vulnerablecode.io/api/packages/383593?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.0.0-M5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.0.0-M5" }, { "url": "http://public2.vulnerablecode.io/api/packages/23404?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1t77-srgg-nkfw" }, { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/466520?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504980?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-dv5f-29j2-cub5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/23405?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060173?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060174?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060175?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060176?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060177?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060178?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060179?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060180?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060181?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060182?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060183?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060184?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060185?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.15.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060186?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060187?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/729299?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.18.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/377073?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.19.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060188?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.20.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.20.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060189?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.21.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.21.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060190?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@9.22.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@9.22.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060192?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.0.0-M1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.0.0-M1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060193?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.0.0-M2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.0.0-M2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060194?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" }, { "vulnerability": "VCID-vduv-s1fd-wqg1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/729300?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060195?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/377072?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060196?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060197?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060198?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060199?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060200?format=api", "purl": "pkg:maven/org.apache.wicket/wicket-core@10.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2w3q-f5uq-sbau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.wicket/wicket-core@10.8.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77892", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77898", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77905", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77824", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43975" }, { "reference_url": "https://github.com/apache/wicket", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/wicket" }, { "reference_url": "https://github.com/apache/wicket/commit/72470983f689c61e6a6c0b7388ef955f23bb1e16", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/wicket/commit/72470983f689c61e6a6c0b7388ef955f23bb1e16" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43975", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43975" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/06/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/06/4" }, { "reference_url": "https://github.com/apache/wicket/pull/1432", "reference_id": "1432", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T13:05:40Z/" } ], "url": "https://github.com/apache/wicket/pull/1432" }, { "reference_url": "https://github.com/advisories/GHSA-3gmf-p6r4-q8m6", "reference_id": "GHSA-3gmf-p6r4-q8m6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gmf-p6r4-q8m6" }, { "reference_url": "https://lists.apache.org/thread/xp2jrdk6ppv1zcmxb4w1mk2lg1dw3hbr", "reference_id": "xp2jrdk6ppv1zcmxb4w1mk2lg1dw3hbr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T13:05:40Z/" } ], "url": "https://lists.apache.org/thread/xp2jrdk6ppv1zcmxb4w1mk2lg1dw3hbr" } ], "weaknesses": [ { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2w3q-f5uq-sbau" }