{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T13:33:02.846","vulnerabilities":[{"cve":{"id":"CVE-2020-11976","sourceIdentifier":"security@apache.org","published":"2020-08-11T19:15:17.220","lastModified":"2024-11-21T04:59:01.770","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5"},{"lang":"es","value":"Al crear una URL especial, es posible hacer que Wicket entregue plantillas HTML no procesadas. Esto permitiría a un atacante visualizar información posiblemente confidencial dentro de una plantilla HTML que es comúnmente eliminada durante la renderización. Están afectadas las versiones 7.16.0, 8.8.0 y 9.0.0-M5 de Apache Wicket"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-552"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:fortress:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"D1E8415A-630F-49E7-884B-7709152FCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*","versionEndExcluding":"7.17.0","matchCriteriaId":"78B9CFEA-EB05-4194-AD11-E9FE027E8672"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.9.0","matchCriteriaId":"433CC8EE-1FF6-4775-8BB3-C2856D0D6C84"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:wicket:9.0.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"0AF306D2-9108-49E8-993F-41D3727A0928"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:wicket:9.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"A5FEF5B5-EF69-4BD4-BACD-48B2997F1C31"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:wicket:9.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"A6150044-BE40-41C8-AE2A-4467FB112979"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:wicket:9.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"1FC13E6E-5635-4A6F-809D-FF6E82105D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:wicket:9.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"CEEA9DE0-E0C9-4840-9928-A079136324F0"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Release Notes","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}