CVE-2022-24891 – Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
https://notcve.org/view.php?id=CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin. • https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q https://security.netapp.com/advisory/ntap-20230127-0014 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23457 – Path Traversal in ESAPI
https://notcve.org/view.php?id=CVE-2022-23457
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. • https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 https://security.netapp.com/advisory/ntap-20230127-0014 https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API https://www.oracle.com/security-alerts/cpujul2022.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-27820
https://notcve.org/view.php?id=CVE-2022-27820
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. OWASP Zed Attack Proxy (ZAP) versiones hasta w2022-03-21, no verifica la cadena de certificados TLS de un servidor HTTPS • http://www.openwall.com/lists/oss-security/2022/03/24/3 https://github.com/zaproxy/zaproxy/issues/7165 https://github.com/zaproxy/zaproxy/releases https://www.openwall.com/lists/oss-security/2022/03/23/1 • CWE-295: Improper Certificate Validation •
CVE-2021-35368
https://notcve.org/view.php?id=CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. OWASP ModSecurity Core Rule Set versiones 3.1.x anteriores a 3.1.2, 3.2.x anteriores a 3.2.1 y 3.3.x anteriores a 3.3.2, está afectado por un desvío del cuerpo de la petición por medio de un nombre de ruta final • https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass https://lists.debian.org/debian-lts-announce/2023/01/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MS5GMNYHFFIBWLJW7N3XAD24SLF3PFZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVYUJOKHDEXFTM2CZMEESJ6TZSPVNSSZ https://owasp.org/www-project-modsecurity-core-rule-set https://portswigger.net/daily-swig/lessons-learned-how-a-severe-vulnerability-in-the-o •
CVE-2021-42575 – owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution
https://notcve.org/view.php?id=CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. OWASP Java HTML Sanitizer versiones anteriores a 20211018.1, no aplica apropiadamente las políticas asociadas a los elementos SELECT, STYLE y OPTION • https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50 https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-42575 https://bugzilla.redhat.com/show_bug.cgi?id=2027195 • CWE-20: Improper Input Validation •