org.owasp.esapi:esapi@2.5.4.0 vulnerabilities

  • latest version

    2.5.5.0

  • first published

    14 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.owasp.esapi:esapi package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Denial of Service (DoS)

    org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform.

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the HTTPUtilities.getFileUploads and ESAPIWebApplicationFirewallFilter methods, by uploading large numbers of files in a single upload or in a series of uploads.

    Note:

    If you are using any of the HTTPUtilities.getFileUploads methods, you are potentially affected.

    Upgrading to version 2.5.2.0 addresses the issue described in CVE-2023-24998, but to be fully protected, the maintainer recommends taking additional prevention steps as described below.

    How to fix Denial of Service (DoS)?

    There is no fixed version for org.owasp.esapi:esapi.

    Vulnerable versions: [0,)