← Volver a CVEs

CVE-2024-27439

MEDIUM

6.5

Descripcion

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.

Detalles CVE

Puntuacion CVSS v3.16.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado3/19/2024

Ultima modificacion6/27/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

apache:wicket

Debilidades (CWE)

CWE-352CWE-444

Referencias

http://www.openwall.com/lists/oss-security/2024/03/19/2(security@apache.org)

https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo(security@apache.org)

http://www.openwall.com/lists/oss-security/2024/03/19/2(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.