`org.owasp.esapi:esapi`

Ecosystem:
maven

Package URL:
pkg:maven/org.owasp.esapi:esapi

Total PRs:
69 Dependabot PRs

Latest PR:
about 2 months ago

Unique Repositories:
37 repositories

Unique Repos (30 days):
1 repository

Security Advisories

Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year

GHSA-r68h-jhhj-9jvm MODERATE published over 2 years ago • updated 2 months ago

### Impact The `Validator.isValidSafeHTML` method can result in false negatives where it reports some input as safe (i.e., returns true), but reall...

DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998

GHSA-7c2q-5qmr-v76q HIGH published over 2 years ago • updated 2 months ago

### Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to r...

View all 7 advisories

Recent PRs

RSS Feed

Bump the maven group across 4 directories with 18 updates

jadenblack/product-ei #9

2.0.1 → 2.6.0.0 Minor PR

Open about 2 months ago 2 comments

Bump the maven group across 4 directories with 17 updates

jadenblack/product-ei #6

2.0.1 → 2.6.0.0 Minor PR

Closed 2 months ago 2 comments

Bump the maven group across 22 directories with 13 updates

djdiakametavers/opencast #1

2.5.3.1 → 2.6.0.0 Minor PR

Open 6 months ago 1 comment

deps: bump the minor-and-patch group in /backend with 13 updates

Yoriyoi-drop/Domian_name_.nexa #8

2.5.3.1 → 2.7.0.0 Minor PR

Open 6 months ago 2 comments

Bump the all-version group with 7 updates

dependabot-action-test/demo_repository_self_hosted #1

2.1.0.1 → 2.7.0.0 Minor PR

Open 7 months ago 1 comment

Bump the all-version group with 7 updates

dependabot-actions-legacy/demo_repository_not_self_hosted #1

2.1.0.1 → 2.7.0.0 Minor PR

Open 7 months ago 1 comment

Bump the all-version group with 7 updates

dependabot-action-test/demo-java-dependabot #1

2.1.0.1 → 2.7.0.0 Minor PR

Open 7 months ago 2 comments

Bump org.owasp.esapi:esapi from 2.5.2.0 to 2.6.0.0 in /logicaldoc-webapp

logicaldoc/community #104

2.5.2.0 → 2.6.0.0 Minor PR

Closed 9 months ago

Bump the maven group across 1 directory with 8 updates

PeezoslugOG/codeql #8

2.2.3.1 → 2.6.0.0 Minor PR

Open 10 months ago

Bump the maven group across 1 directory with 16 updates

luci-digital/cloudstack #2

2.1.0.1 → 2.6.0.0 Minor PR

Open 10 months ago

build(deps): bump org.owasp.esapi:esapi from 2.5.1.0 to 2.7.0.0

guidewire-oss/uaa #268

2.5.1.0 → 2.7.0.0 Minor PR

Open 10 months ago

Bump the all-maven-deps group across 3 directories with 62 updates

craftercms/craftercms #8310

2.6.2.0 → 2.7.0.0 Minor PR

Merged 10 months ago

Bump the maven group across 1 directory with 21 updates

rex21919/EUSURVEY #1

2.1.0.1 → 2.6.0.0 Minor PR

Open 10 months ago

Bump org.owasp.esapi:esapi from 2.1.0.1 to 2.6.0.0

essuarezdeveloper/copilot-case-study-devops-devsecops #2

2.1.0.1 → 2.6.0.0 Minor PR

Open 11 months ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.7.0.0

cx-benjamin-simpson/java-benchie-cx #2

2.6.0.0 → 2.7.0.0 Minor PR

Open 11 months ago 1 comment

Bump the all-maven-deps group across 2 directories with 26 updates

craftercms/craftercms #8258

2.6.2.0 → 2.7.0.0 Minor PR

Open 11 months ago

Bump the maven group across 1 directory with 2 updates

ravisinghrajput95/easybuggy-vulnerable-application #3

2.1.0.1 → 2.6.0.0 Minor PR

Open 11 months ago

Bump the maven group across 1 directory with 7 updates

H1d3r/DWSurvey #19

2.4.0.0 → 2.6.0.0 Minor PR

Open 11 months ago

Bump org.owasp.esapi:esapi from 2.1.0.1 to 2.6.0.0

ravisinghrajput95/easybuggy-vulnerable-application #2

2.1.0.1 → 2.6.0.0 Minor PR

Closed 11 months ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0

Stefan923/code-scanner-benchmark-ci #4

2.6.2.0 → 2.7.0.0 Minor PR

Open 11 months ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.7.0.0

halfdayinc-team/nautilus-benchmarkjava #12

2.6.1.0 → 2.7.0.0 Minor PR

Open 11 months ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0

OWASP-Benchmark/BenchmarkJava #333

2.6.2.0 → 2.7.0.0 Minor PR

Merged 11 months ago

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0

aspectran/aspectow-demo #42

2.6.2.0 → 2.7.0.0 Minor PR

Merged 11 months ago

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0

jesperancinha/public-transport-declarer #499

2.6.2.0 → 2.7.0.0 Minor PR

Merged 11 months ago

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0

dschadow/Java-Web-Security #286

2.6.2.0 → 2.7.0.0 Minor PR

Merged 11 months ago

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0

dschadow/JavaSecurity #325

2.6.2.0 → 2.7.0.0 Minor PR

Open 11 months ago

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0

ortus-boxlang/bx-esapi #23

2.6.2.0 → 2.7.0.0 Minor PR

Merged 11 months ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.7.0.0

Semaaii/OWASP-benchmark-java #16

2.6.0.0 → 2.7.0.0 Minor PR

Open 11 months ago 1 comment

Bump the dependencies group across 1 directory with 6 updates

MetalDetectorRocks/metal-detector-main #1676

2.6.1.0 → 2.6.2.0 Patch PR

Open 12 months ago 2 comments

Bump the maven group across 1 directory with 15 updates

offsoc/cloudstack #3

2.1.0.1 → 2.6.0.0 Minor PR

Merged 12 months ago

Bump the dependencies group across 1 directory with 4 updates

MetalDetectorRocks/metal-detector-main #1670

2.6.1.0 → 2.6.2.0 Patch PR

Open 12 months ago

Bump org.owasp.esapi:esapi from 2.5.4.0 to 2.6.0.0

geonetwork/core-geonetwork #8851

2.5.4.0 → 2.6.0.0 Minor PR

Open 12 months ago

Bump org.owasp.esapi:esapi from 2.5.4.0 to 2.6.0.0 in /core

geonetwork/core-geonetwork #8852

2.5.4.0 → 2.6.0.0 Minor PR

Open 12 months ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

ortus-boxlang/bx-esapi #15

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump the dependencies group across 1 directory with 2 updates

MetalDetectorRocks/metal-detector-main #1666

2.6.1.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.2.0

Semaaii/OWASP-benchmark-java #11

2.6.0.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 2 comments

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

halfdayinc-team/nautilus-benchmarkjava #7

2.6.1.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 2 comments

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.2.0

moontech69/Sichere-Webanwendungen-mit-Java-entwickeln #5

2.6.0.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

aspectran/aspectran-jpetstore #166

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

OWASP-Benchmark/BenchmarkJava #326

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

jesperancinha/public-transport-declarer #490

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

dschadow/Java-Web-Security #278

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump the all-maven-deps group with 2 updates

craftercms/craftercms #8165

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump the all-maven-deps group with 2 updates

craftercms/craftercms #8164

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

dschadow/JavaSecurity #315

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump the dependencies group across 1 directory with 11 updates

MetalDetectorRocks/metal-detector-main #1661

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.2.2.0 to 2.6.0.0

Rashdamada/Benchmark #3

2.2.2.0 → 2.6.0.0 Minor PR

Open about 1 year ago 1 comment

Bump org.owasp.esapi:esapi from 2.1.0.1 to 2.6.0.0

sapienshack/devsecops-jenkins-sast-sca-iac-cs-dast-e2e-repo #2

2.1.0.1 → 2.6.0.0 Minor PR

Merged about 1 year ago

Bump the dependencies group across 1 directory with 10 updates

MetalDetectorRocks/metal-detector-main #1658

2.6.0.0 → 2.6.1.0 Patch PR

Closed about 1 year ago 2 comments

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

craftercms/craftercms #8101

2.6.0.0 → 2.6.1.0 Patch PR

Open about 1 year ago 1 comment

Package Details

Name:	`org.owasp.esapi:esapi`
Ecosystem:	maven
PURL Type:	maven
Package URL:	`pkg:maven/org.owasp.esapi:esapi`
JSON API:	View JSON

Security Advisories

7

Active advisories

HIGH 2

MODERATE 4

LOW 1

View All maven Advisories

Package Information

Description:

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

Repository:	https://github.com/ESAPI/esapi-java-legacy
Homepage:	https://owasp.org/www-project-enterprise-security-api/
Latest Release:	`2.1.0` almost 13 years ago
Dependent Repos:	1,483
Dependent Packages:	106
Ranking:	Top 0.3017% by dependent repos Top 0.7052% by dependent pkgs

PR Status

Open 32 (46.4%)

Merged 20 (29.0%)

Closed 12 (17.4%)

PR Types

Minor 37 (53.6%)

Patch 27 (39.1%)

org.owasp.esapi:esapi

Security Advisories

Missing Cryptographic Step in OWASP Enterprise Security API for Java

Path traversal in the OWASP Enterprise Security API

Cross-site Scripting in org.owasp.esapi:esapi

Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year

DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998

Recent PRs

Package Details

Security Advisories

7

Package Information

PR Status

PR Types

`org.owasp.esapi:esapi`