CVE-2020-11976: Information Exposure
By crafting a special URL, it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template, information that is usually removed during rendering.