CVE-2021-23937
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
DNS based denial of service in Apache Wicket
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.wicket:wicket-core | >=9.0.0,<9.3.0 | 9.3.0 |
| Maven | org.apache.wicket:wicket-core | >=8.0.0,<8.12.0 | 8.12.0 |
| Maven | org.apache.wicket:wicket-core | <7.18.0 | 7.18.0 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-23937
- https://github.com/apache/wicket/commit/84f62a5cff462eaa3bfaf171b0638c7e7feea30d
- https://github.com/apache/wicket
- https://lists.apache.org/thread.html/r127c0c1f3cb71e5bc619ad1e4b898b97c49758d1f20a54042966473e@%3Cannounce.wicket.apache.org%3E
- https://lists.apache.org/thread.html/r127c0c1f3cb71e5bc619ad1e4b898b97c49758d1f20a54042966473e@%3Cusers.wicket.apache.org%3E
- https://lists.apache.org/thread.html/r8ccbd91b56ebf045d151bd4282bfeea7842a0698a0b76118fca8fe78@%3Cdev.wicket.apache.org%3E
- https://lists.apache.org/thread.html/rc2ef22f90793e158cef65a7e370cdbca023c499d1403d65feeca870d%40%3Cusers.wicket.apache.org%3E
- https://lists.apache.org/thread.html/rc2ef22f90793e158cef65a7e370cdbca023c499d1403d65feeca870d@%3Cusers.wicket.apache.org%3E
- https://lists.apache.org/thread.html/rce158bb896c9ef812393a11646fdef7b9023833e54854c4302ff7b70@%3Cdev.wicket.apache.org%3E
- https://lists.apache.org/thread.html/rce23bba1e11368f9f4cccce0e9b02b88dcdac4e4b2304e66bd098cf5@%3Cannounce.wicket.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/05/25/2
Verify integrity in audit chain (admin only). AS-IS.