org.owasp.esapi:esapi@2.0_rc11 vulnerabilities
- latest version: 2.5.3.1
- first published: 14 years ago
- latest version published: 6 months ago
- licenses detected: [2.0_rc10,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.owasp.esapi:esapi package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Notes: How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to Denial of Service (DoS) in the Note: If you are using any of the Upgrading to version 2.5.2.0 addresses the issue described in CVE-2023-24998 but to be fully protected the maintainer recommends taking additional prevention steps as described below. How to fix Denial of Service (DoS)? There is no fixed version for | [0,) |
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade | [,2.3.0.0) |
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to Directory Traversal via the default implementation of the Note: As a workaround, it is possible to write one's own implementation of the Validator interface by sub-classing a version of the affected How to fix Directory Traversal? Upgrade | [,2.3.0.0) |
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to Oracle Padding Attack due to improper configurations of the encryption API. How to fix Oracle Padding Attack? Upgrade | [,2.0GA) |
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via alteration of local ESAPI configuration and loading XML version of the ESAPI properties file. How to fix XML External Entity (XXE) Injection? Upgrade | [0,2.2.3.0) |
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to MAC validation Bypass. The library does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679. How to fix MAC validation Bypass? Upgrade | [,2.1.0.1) |