VYPR

Maven package

org.owasp.esapi/esapi

pkg:maven/org.owasp.esapi/esapi

Vulnerabilities (5)

  • CVE-2022-24891 (Apr 27, 2022)
    affected < 2.3.0.0; fixed 2.3.0.0

    ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-

  • CVE-2022-23457 (Apr 25, 2022)
    affected < 2.3.0.0; fixed 2.3.0.0

    ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a

  • CVE-2010-3300 (Jun 22, 2021)
    affected < 2.0GA; fixed 2.0GA

    It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

  • CVE-2013-5960 (Sep 30, 2013)
    affected >= 2.0.0.0, < 2.1.0.1; fixed 2.1.0.1

    The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cr

  • CVE-2013-5679 (Sep 30, 2013)
    affected >= 2.0.0, < 2.1.0; fixed 2.1.0

    The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryp