Search for packages
| purl | pkg:maven/org.apache.wicket/wicket@9.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1yw9-1cng-3fey
Aliases: CVE-2021-23937 GHSA-hmhg-95wh-r699 |
Affected by 1 other vulnerability. |
|
|
VCID-z6pn-4bzz-kkg1
Aliases: CVE-2024-27439 GHSA-8vvp-525h-cxf9 |
Cross-Site Request Forgery in Apache Wicket An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-01T06:11:07.086517+00:00 | GitLab Importer | Affected by | VCID-1yw9-1cng-3fey | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wicket/wicket/CVE-2021-23937.yml | 38.6.0 |
| 2026-05-31T01:02:32.313430+00:00 | GHSA Importer | Affected by | VCID-z6pn-4bzz-kkg1 | https://github.com/advisories/GHSA-8vvp-525h-cxf9 | 38.6.0 |
| 2026-05-30T21:03:38.718949+00:00 | GitLab Importer | Affected by | VCID-z6pn-4bzz-kkg1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wicket/wicket/CVE-2024-27439.yml | 38.6.0 |