cvelistv5 - cve-2020-11976

CVE-2020-11976 (GCVE-0-2020-11976)

Vulnerability from cvelistv5 – Published: 2020-08-11 18:15 – Updated: 2024-08-04 11:48

Summary

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread.html/r104eeefeb1e…	x_refsource_MISC
	https://lists.apache.org/thread.html/rd0f36b83cc9…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r982c626dbce…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r05340178680…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/reb7ea8141c7…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd26cae6e30b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rdec0a43afdc…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re4af65851bf…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	Apache Wicket	Affected: Apache Wicket 7.16.0, 8.8.0, 9.0.0-M5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
          },
          {
            "name": "[directory-commits] 20210513 [directory-fortress-commander] branch master updated: FC-293 - CVE-2020-11976 - upgrade wicket core -\u003e 8.9.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210513 [jira] [Created] (FC-293) [fortress-web] CVE-2020-11976",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210514 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Updated] (FC-293) [fortress-web] CVE-2020-11976",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Resolved] (FC-293) [fortress-web] CVE-2020-11976",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Reopened] (FC-293) [fortress-web] CVE-2020-11976",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Wicket",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Wicket 7.16.0, 8.8.0, 9.0.0-M5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-26T16:06:17",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
        },
        {
          "name": "[directory-commits] 20210513 [directory-fortress-commander] branch master updated: FC-293 - CVE-2020-11976 - upgrade wicket core -\u003e 8.9.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E"
        },
        {
          "name": "[directory-dev] 20210513 [jira] [Created] (FC-293) [fortress-web] CVE-2020-11976",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E"
        },
        {
          "name": "[directory-dev] 20210514 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E"
        },
        {
          "name": "[directory-dev] 20210626 [jira] [Updated] (FC-293) [fortress-web] CVE-2020-11976",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E"
        },
        {
          "name": "[directory-dev] 20210626 [jira] [Resolved] (FC-293) [fortress-web] CVE-2020-11976",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E"
        },
        {
          "name": "[directory-dev] 20210626 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E"
        },
        {
          "name": "[directory-dev] 20210626 [jira] [Reopened] (FC-293) [fortress-web] CVE-2020-11976",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Wicket",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Wicket 7.16.0, 8.8.0, 9.0.0-M5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
            },
            {
              "name": "[directory-commits] 20210513 [directory-fortress-commander] branch master updated: FC-293 - CVE-2020-11976 - upgrade wicket core -\u003e 8.9.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7@%3Ccommits.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210513 [jira] [Created] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210514 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Updated] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Resolved] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Reopened] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923@%3Cdev.directory.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-11976",
    "datePublished": "2020-08-11T18:15:51",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:fortress:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1E8415A-630F-49E7-884B-7709152FCC1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.17.0\", \"matchCriteriaId\": \"78B9CFEA-EB05-4194-AD11-E9FE027E8672\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.9.0\", \"matchCriteriaId\": \"433CC8EE-1FF6-4775-8BB3-C2856D0D6C84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:wicket:9.0.0:milestone1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF306D2-9108-49E8-993F-41D3727A0928\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:wicket:9.0.0:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5FEF5B5-EF69-4BD4-BACD-48B2997F1C31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:wicket:9.0.0:milestone3:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6150044-BE40-41C8-AE2A-4467FB112979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:wicket:9.0.0:milestone4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FC13E6E-5635-4A6F-809D-FF6E82105D25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:wicket:9.0.0:milestone5:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEEA9DE0-E0C9-4840-9928-A079136324F0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5\"}, {\"lang\": \"es\", \"value\": \"Al crear una URL especial, es posible hacer que Wicket entregue plantillas HTML no procesadas. Esto permitir\\u00eda a un atacante visualizar informaci\\u00f3n posiblemente confidencial dentro de una plantilla HTML que es com\\u00fanmente eliminada durante la renderizaci\\u00f3n. Est\\u00e1n afectadas las versiones 7.16.0, 8.8.0 y 9.0.0-M5 de Apache Wicket\"}]",
      "id": "CVE-2020-11976",
      "lastModified": "2024-11-21T04:59:01.770",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-08-11T19:15:17.220",
      "references": "[{\"url\": \"https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11976\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2020-08-11T19:15:17.220\",\"lastModified\":\"2024-11-21T04:59:01.770\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5\"},{\"lang\":\"es\",\"value\":\"Al crear una URL especial, es posible hacer que Wicket entregue plantillas HTML no procesadas. Esto permitir\u00eda a un atacante visualizar informaci\u00f3n posiblemente confidencial dentro de una plantilla HTML que es com\u00fanmente eliminada durante la renderizaci\u00f3n. Est\u00e1n afectadas las versiones 7.16.0, 8.8.0 y 9.0.0-M5 de Apache Wicket\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:fortress:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1E8415A-630F-49E7-884B-7709152FCC1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.17.0\",\"matchCriteriaId\":\"78B9CFEA-EB05-4194-AD11-E9FE027E8672\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.9.0\",\"matchCriteriaId\":\"433CC8EE-1FF6-4775-8BB3-C2856D0D6C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wicket:9.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF306D2-9108-49E8-993F-41D3727A0928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wicket:9.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5FEF5B5-EF69-4BD4-BACD-48B2997F1C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wicket:9.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6150044-BE40-41C8-AE2A-4467FB112979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wicket:9.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FC13E6E-5635-4A6F-809D-FF6E82105D25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wicket:9.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEEA9DE0-E0C9-4840-9928-A079136324F0\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-64GV-3PQV-299H

Vulnerability from github – Published: 2021-05-07 15:54 – Updated: 2021-05-05 22:31

Summary

Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M1"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M1"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M2"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M2"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M3"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M3"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M4"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M4"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M5"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M5"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-11976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-05T22:31:00Z",
    "nvd_published_at": "2020-08-11T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5",
  "id": "GHSA-64gv-3pqv-299h",
  "modified": "2021-05-05T22:31:00Z",
  "published": "2021-05-07T15:54:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11976"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7@%3Ccommits.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1@%3Cdev.directory.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket"
}

FKIE_CVE-2020-11976

Vulnerability from fkie_nvd - Published: 2020-08-11 19:15 - Updated: 2024-11-21 04:59

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@apache.org	https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E	Mailing List, Release Notes, Vendor Advisory
security@apache.org	https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E

Impacted products

Vendor	Product	Version
apache	fortress	2.0.5
apache	wicket	*
apache	wicket	*
apache	wicket	9.0.0
apache	wicket	9.0.0
apache	wicket	9.0.0
apache	wicket	9.0.0
apache	wicket	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:fortress:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E8415A-630F-49E7-884B-7709152FCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B9CFEA-EB05-4194-AD11-E9FE027E8672",
              "versionEndExcluding": "7.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "433CC8EE-1FF6-4775-8BB3-C2856D0D6C84",
              "versionEndExcluding": "8.9.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:wicket:9.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "0AF306D2-9108-49E8-993F-41D3727A0928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:wicket:9.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "A5FEF5B5-EF69-4BD4-BACD-48B2997F1C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:wicket:9.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "A6150044-BE40-41C8-AE2A-4467FB112979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:wicket:9.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "1FC13E6E-5635-4A6F-809D-FF6E82105D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:wicket:9.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "CEEA9DE0-E0C9-4840-9928-A079136324F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5"
    },
    {
      "lang": "es",
      "value": "Al crear una URL especial, es posible hacer que Wicket entregue plantillas HTML no procesadas. Esto permitir\u00eda a un atacante visualizar informaci\u00f3n posiblemente confidencial dentro de una plantilla HTML que es com\u00fanmente eliminada durante la renderizaci\u00f3n. Est\u00e1n afectadas las versiones 7.16.0, 8.8.0 y 9.0.0-M5 de Apache Wicket"
    }
  ],
  "id": "CVE-2020-11976",
  "lastModified": "2024-11-21T04:59:01.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-11T19:15:17.220",
  "references": [
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-11976

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-11976

Aliases

CVE-2020-11976

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11976",
    "description": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5",
    "id": "GSD-2020-11976"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11976"
      ],
      "details": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5",
      "id": "GSD-2020-11976",
      "modified": "2023-12-13T01:22:07.257920Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2020-11976",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Wicket",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Wicket 7.16.0, 8.8.0, 9.0.0-M5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
          },
          {
            "name": "[directory-commits] 20210513 [directory-fortress-commander] branch master updated: FC-293 - CVE-2020-11976 - upgrade wicket core -\u003e 8.9.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7@%3Ccommits.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210513 [jira] [Created] (FC-293) [fortress-web] CVE-2020-11976",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19@%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210514 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49@%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Updated] (FC-293) [fortress-web] CVE-2020-11976",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1@%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Resolved] (FC-293) [fortress-web] CVE-2020-11976",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22@%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff@%3Cdev.directory.apache.org%3E"
          },
          {
            "name": "[directory-dev] 20210626 [jira] [Reopened] (FC-293) [fortress-web] CVE-2020-11976",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923@%3Cdev.directory.apache.org%3E"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[7.16.0],[8.8.0],[9.0.0]",
          "affected_versions": "Version 7.16.0, version 8.8.0, version 9.0.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2021-07-21",
          "description": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering.",
          "fixed_versions": [
            "7.17.0",
            "8.9.0",
            "9.1.0"
          ],
          "identifier": "CVE-2020-11976",
          "identifiers": [
            "CVE-2020-11976"
          ],
          "not_impacted": "All versions before 7.16.0, all versions after 7.16.0 before 8.8.0, all versions after 8.8.0 before 9.0.0, all versions after 9.0.0",
          "package_slug": "maven/org.apache.wicket/wicket-core",
          "pubdate": "2020-08-11",
          "solution": "Upgrade to versions 7.17.0, 8.9.0, 9.1.0 or above.",
          "title": "Information Exposure",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-11976"
          ],
          "uuid": "24c31349-db87-430e-a80b-6958f925e5c8"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:fortress:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.17.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.9.0",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:wicket:9.0.0:milestone1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:wicket:9.0.0:milestone2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:wicket:9.0.0:milestone3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:wicket:9.0.0:milestone4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:wicket:9.0.0:milestone5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11976"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-552"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210513 [jira] [Created] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-commits] 20210513 [directory-fortress-commander] branch master updated: FC-293 - CVE-2020-11976 - upgrade wicket core -\u003e 8.9.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7@%3Ccommits.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210514 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Closed] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Updated] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Reopened] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923@%3Cdev.directory.apache.org%3E"
            },
            {
              "name": "[directory-dev] 20210626 [jira] [Resolved] (FC-293) [fortress-web] CVE-2020-11976",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22@%3Cdev.directory.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-26T17:06Z",
      "publishedDate": "2020-08-11T19:15Z"
    }
  }
}

CNVD-2020-48974

Vulnerability from cnvd - Published: 2020-08-28

Title

Apache Wicket信息泄露漏洞（CNVD-2020-48974）

Description

Apache Wicket是美国阿帕奇（Apache）软件基金会的一套开源、轻量、基于组件的框架，它提供了一种面向对象的方式来开发基于Web的动态UI应用程序。 Apache Wicket 7.16.0版本、8.8.0版本和9.0.0-M5版本中存在信息泄露漏洞，攻击者可借助特制的URL利用该漏洞读取HTML模板中的敏感信息。

Severity

中

Patch Name

Apache Wicket信息泄露漏洞（CNVD-2020-48974）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-11976

Impacted products

Name
['Apache Wicket 7.16.0', 'Apache Wicket 8.8.0', 'Apache Wicket 9.0.0-M5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11976",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-11976"
    }
  },
  "description": "Apache Wicket\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u3001\u8f7b\u91cf\u3001\u57fa\u4e8e\u7ec4\u4ef6\u7684\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u9762\u5411\u5bf9\u8c61\u7684\u65b9\u5f0f\u6765\u5f00\u53d1\u57fa\u4e8eWeb\u7684\u52a8\u6001UI\u5e94\u7528\u7a0b\u5e8f\u3002\n\nApache Wicket 7.16.0\u7248\u672c\u30018.8.0\u7248\u672c\u548c9.0.0-M5\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684URL\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6HTML\u6a21\u677f\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-48974",
  "openTime": "2020-08-28",
  "patchDescription": "Apache Wicket\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u3001\u8f7b\u91cf\u3001\u57fa\u4e8e\u7ec4\u4ef6\u7684\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u9762\u5411\u5bf9\u8c61\u7684\u65b9\u5f0f\u6765\u5f00\u53d1\u57fa\u4e8eWeb\u7684\u52a8\u6001UI\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nApache Wicket 7.16.0\u7248\u672c\u30018.8.0\u7248\u672c\u548c9.0.0-M5\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684URL\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6HTML\u6a21\u677f\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Wicket\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-48974\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Wicket 7.16.0",
      "Apache Wicket 8.8.0",
      "Apache Wicket 9.0.0-M5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11976",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-25",
  "title": "Apache Wicket\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-48974\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-11976 (GCVE-0-2020-11976)

GHSA-64GV-3PQV-299H

FKIE_CVE-2020-11976

GSD-2020-11976

CNVD-2020-48974

Tags

Sightings

Nomenclature