Posted on

Apache Wicket up to 6.24.0 Deserialize DiskFileItem DeferredFileOutputStream Loop denial of service

A vulnerability, which was classified as problematic, was found in Apache Wicket. Affected is the function DiskFileItem of the component Deserialize Handler. Upgrading to version 1.5.17 or 6.25.0 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.