{"id":"USN-8181-1","summary":"libowasp-esapi-java vulnerabilities","details":"Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory\npaths during path verification. An attacker could possibly use this issue\nto bypass directory validation checks, leading to control-flow bypass. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-23457)\n\nKevin W. Wall and Sebastian Passaro discovered that ESAPI did not properly\nsanitize javascript URLs because of an incorrect regular expression. An\nattacker could possibly use this issue to perform a cross-site scripting\nattack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu\n20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-24891)\n\nLonglong Gong discovered that ESAPI did not properly neutralize special\nelements during SQL injection defense. A remote attacker could possibly use\nthis issue to perform SQL injection. (CVE-2025-5878)","modified":"2026-04-24T10:13:00.707977Z","published":"2026-04-16T17:56:26Z","related":["UBUNTU-CVE-2022-23457","UBUNTU-CVE-2022-24891","UBUNTU-CVE-2025-5878"],"upstream":["CVE-2022-23457","CVE-2022-24891","CVE-2025-5878","UBUNTU-CVE-2022-23457","UBUNTU-CVE-2022-24891","UBUNTU-CVE-2025-5878"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8181-1"}],"affected":[{"package":{"name":"libowasp-esapi-java","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libowasp-esapi-java@2.1.0-2ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-2ubuntu0.1~esm1"}]}],"versions":["2.1.0-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libowasp-esapi-java","binary_version":"2.1.0-2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8181-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"libowasp-esapi-java","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/libowasp-esapi-java@2.1.0-3ubuntu0.18.04.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-3ubuntu0.18.04.1~esm1"}]}],"versions":["2.1.0-3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libowasp-esapi-java","binary_version":"2.1.0-3ubuntu0.18.04.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8181-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"libowasp-esapi-java","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/libowasp-esapi-java@2.1.0-3ubuntu0.20.04.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-3ubuntu0.20.04.1~esm1"}]}],"versions":["2.1.0-3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libowasp-esapi-java","binary_version":"2.1.0-3ubuntu0.20.04.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8181-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"libowasp-esapi-java","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/libowasp-esapi-java@2.2.3.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.3.1-1ubuntu0.1~esm1"}]}],"versions":["2.1.0-3.1","2.2.3.1-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libowasp-esapi-java","binary_version":"2.2.3.1-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8181-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}},{"package":{"name":"libowasp-esapi-java","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/libowasp-esapi-java@2.4.0.0-2ubuntu0.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.0.0-2ubuntu0.1"}]}],"versions":["2.4.0.0-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libowasp-esapi-java","binary_version":"2.4.0.0-2ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8181-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.5"}