Maven package
org.owasp.esapi/esapi
pkg:maven/org.owasp.esapi/esapi
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24891 | — | | | < 2.3.0.0 | 2.3.0.0 | Apr 27, 2022 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy- |
| CVE-2022-23457 | — | | | < 2.3.0.0 | 2.3.0.0 | Apr 25, 2022 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a |
| CVE-2010-3300 | — | | | < 2.0GA | 2.0GA | Jun 22, 2021 | It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. |
| CVE-2013-5960 | — | | | >= 2.0.0.0, < 2.1.0.1 | 2.1.0.1 | Sep 30, 2013 | The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cr |
| CVE-2013-5679 | — | | | >= 2.0.0, < 2.1.0 | 2.1.0 | Sep 30, 2013 | The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryp |