VulnerableCode Package Details - pkg:maven/org.apache.wicket/wicket@10.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.wicket/wicket@10.0.0

Essentials
History (2)

purl	pkg:maven/org.apache.wicket/wicket@10.0.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-z6pn-4bzz-kkg1	Cross-Site Request Forgery in Apache Wicket An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.	CVE-2024-27439 GHSA-8vvp-525h-cxf9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T01:02:32.351353+00:00	GHSA Importer	Fixing	VCID-z6pn-4bzz-kkg1	https://github.com/advisories/GHSA-8vvp-525h-cxf9	38.6.0
2026-05-30T21:03:38.739178+00:00	GitLab Importer	Fixing	VCID-z6pn-4bzz-kkg1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wicket/wicket/CVE-2024-27439.yml	38.6.0