org.owasp.esapi:esapi@2.7.0.1-RC1 vulnerabilities

  • latest version

    2.7.0.0

  • first published

    15 years ago

  • latest version published

    7 months ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.owasp.esapi:esapi package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Denial of Service (DoS)

    org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform.

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the HTTPUtilities.getFileUploads and ESAPIWebApplicationFirewallFilter methods, by uploading large numbers of files in a single upload or in a series of uploads.

    Note:

    If you are using any of the HTTPUtilities.getFileUploads methods, you are potentially affected.

    Upgrading to version 2.5.2.0 addresses the issue described in CVE-2023-24998, but for full protection the maintainer recommends taking additional prevention steps as described below.

    How to fix Denial of Service (DoS)?

    There is no fixed version for org.owasp.esapi:esapi.

    [0,)