Search for packages
| purl | pkg:maven/org.owasp.esapi/esapi@2.2.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5gp7-nrrf-rqft
Aliases: GHSA-r68h-jhhj-9jvm GMS-2023-4888 |
Duplicate This advisory duplicates another. |
Affected by 0 other vulnerabilities. |
|
VCID-7fzb-kbs3-ffdm
Aliases: CVE-2022-23457 GHSA-8m5h-hrqm-pxm2 |
Path traversal in the OWASP Enterprise Security API The default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. |
Affected by 2 other vulnerabilities. |
|
VCID-tf97-ymu1-qkc6
Aliases: GHSA-7c2q-5qmr-v76q GMS-2023-3933 |
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998 ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to remediate. But while writing up a new security bulletin regarding the impact on the affected ESAPI `HTTPUtilities.getFileUploads` methods (or more specifically those methods in the `DefaultHTTPUtilities` implementation class), I realized that a DoS vulnerability still persists in ESAPI and for that matter in Apache Commons FileUpload as well. |
Affected by 1 other vulnerability. |
|
VCID-vjjh-ajqh-kffb
Aliases: CVE-2022-24891 GHSA-q77q-vx4q-xx6q |
Cross-site Scripting in org.owasp.esapi:esapi There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||