org.owasp.esapi:esapi
Maven
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.owasp.esapi:esapi
- CVE-2010-3300 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.0GA | 2021-06-22
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
- CVE-2013-5679 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.1.0 | 2013-09-30
vulnerable: 2.0.1, 2.0GA, 2.0_rc10, 2.0_rc11, 2.0_rc9
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for…
- CVE-2013-5960 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.1.0.1 | 2013-09-30
vulnerable: 2.0.1 ... 2.1.0 (6 versions)
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier f…
- CVE-2022-23457 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.3.0.0 | 2022-04-25
vulnerable: 2.0.1 ... 2.2.3.1 (16 versions)
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorr…
- CVE-2022-24891 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.3.0.0 | 2022-04-27
vulnerable: 2.0.1 ... 2.2.3.1 (16 versions)
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expr…