`org.owasp.esapi:esapi`

Ecosystem:
maven

Package URL:
pkg:maven/org.owasp.esapi:esapi

Total PRs:
69 Dependabot PRs

Latest PR:
about 2 months ago

Unique Repositories:
37 repositories

Unique Repos (30 days):
1 repository

Security Advisories

Missing Cryptographic Step in OWASP Enterprise Security API for Java

GHSA-2g56-7jv7-wxxq CVE-2013-5960 MODERATE published about 4 years ago • updated 6 days ago

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2....

Path traversal in the OWASP Enterprise Security API

GHSA-8m5h-hrqm-pxm2 CVE-2022-23457 HIGH published about 4 years ago • updated about 1 month ago

### Impact The default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input st...

Cross-site Scripting in org.owasp.esapi:esapi

GHSA-q77q-vx4q-xx6q CVE-2022-24891 MODERATE published about 4 years ago • updated 5 days ago

### Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi....

Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year

GHSA-r68h-jhhj-9jvm MODERATE published over 2 years ago • updated 2 months ago

### Impact The `Validator.isValidSafeHTML` method can result in false negatives where it reports some input as safe (i.e., returns true), but reall...

DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998

GHSA-7c2q-5qmr-v76q HIGH published over 2 years ago • updated 2 months ago

### Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to r...

View all 7 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

Bump the dependencies group across 1 directory with 6 updates

MetalDetectorRocks/metal-detector-main #1676

2.6.1.0 → 2.6.2.0 Patch PR

Open 12 months ago 2 comments

Bump the dependencies group across 1 directory with 4 updates

MetalDetectorRocks/metal-detector-main #1670

2.6.1.0 → 2.6.2.0 Patch PR

Open 12 months ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

ortus-boxlang/bx-esapi #15

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump the dependencies group across 1 directory with 2 updates

MetalDetectorRocks/metal-detector-main #1666

2.6.1.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.2.0

Semaaii/OWASP-benchmark-java #11

2.6.0.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 2 comments

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

halfdayinc-team/nautilus-benchmarkjava #7

2.6.1.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 2 comments

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.2.0

moontech69/Sichere-Webanwendungen-mit-Java-entwickeln #5

2.6.0.0 → 2.6.2.0 Patch PR

Closed about 1 year ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

aspectran/aspectran-jpetstore #166

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

OWASP-Benchmark/BenchmarkJava #326

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

jesperancinha/public-transport-declarer #490

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

dschadow/Java-Web-Security #278

2.6.1.0 → 2.6.2.0 Patch PR

Merged about 1 year ago

Bump the all-maven-deps group with 2 updates

craftercms/craftercms #8165

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump the all-maven-deps group with 2 updates

craftercms/craftercms #8164

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

dschadow/JavaSecurity #315

2.6.1.0 → 2.6.2.0 Patch PR

Open about 1 year ago

Bump the dependencies group across 1 directory with 11 updates

MetalDetectorRocks/metal-detector-main #1661

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump the dependencies group across 1 directory with 10 updates

MetalDetectorRocks/metal-detector-main #1658

2.6.0.0 → 2.6.1.0 Patch PR

Closed about 1 year ago 2 comments

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

craftercms/craftercms #8101

2.6.0.0 → 2.6.1.0 Patch PR

Open about 1 year ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

craftercms/craftercms #8098

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

dschadow/Java-Web-Security #276

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

dschadow/JavaSecurity #311

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

Semaaii/OWASP-benchmark-java #7

2.6.0.0 → 2.6.1.0 Patch PR

Closed about 1 year ago 2 comments

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

moontech69/Sichere-Webanwendungen-mit-Java-entwickeln #3

2.6.0.0 → 2.6.1.0 Patch PR

Closed about 1 year ago 1 comment

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

aspectran/aspectran-jpetstore #163

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

hdgittest/BenchmarkJava #22

2.6.0.0 → 2.6.1.0 Patch PR

Closed about 1 year ago 3 comments

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

OWASP-Benchmark/BenchmarkJava #322

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

aspectran/aspectow-demo #33

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

jesperancinha/public-transport-declarer #485

2.6.0.0 → 2.6.1.0 Patch PR

Merged about 1 year ago

Package Details

Name:	`org.owasp.esapi:esapi`
Ecosystem:	maven
PURL Type:	maven
Package URL:	`pkg:maven/org.owasp.esapi:esapi`
JSON API:	View JSON

Security Advisories

7

Active advisories

HIGH 2

MODERATE 4

LOW 1

View All maven Advisories

Package Information

Description:

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

Repository:	https://github.com/ESAPI/esapi-java-legacy
Homepage:	https://owasp.org/www-project-enterprise-security-api/
Latest Release:	`2.1.0` almost 13 years ago
Dependent Repos:	1,483
Dependent Packages:	106
Ranking:	Top 0.3017% by dependent repos Top 0.7052% by dependent pkgs

PR Status

Open 32 (46.4%)

Merged 20 (29.0%)

Closed 12 (17.4%)

PR Types

Minor 37 (53.6%)

Patch 27 (39.1%)