[Git][security-tracker-team/security-tracker][master] CVE-2022-24891 CVE-2022-23457 libowasp-esapi-java
Neil Williams (@codehelp)
codehelp at debian.org
Fri Apr 29 09:05:57 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4010d7db by Neil Williams at 2022-04-29T09:05:28+01:00
CVE-2022-24891 CVE-2022-23457 libowasp-esapi-java
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13954,9 +13954,10 @@ CVE-2022-24893
CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...)
NOT-FOR-US: Shopware
CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
- - libowasp-esapi-java <unfixed>
+ - libowasp-esapi-java <unfixed> (bug #1010339)
NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
- TODO: check details
+ NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf
+ NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
CVE-2022-24890
RESERVED
CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
@@ -18839,7 +18840,10 @@ CVE-2022-23459
CVE-2022-23458
RESERVED
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
- NOT-FOR-US: ESAPI/esapi-java-legacy
+ - libowasp-esapi-java <unfixed> (bug #1010339)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API/
+ NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2
+ NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
CVE-2022-0314 (The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4010d7dbf1ce6d30e00bf734fd7334df267daa89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4010d7dbf1ce6d30e00bf734fd7334df267daa89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220429/2b32dd29/attachment.htm>
More information about the debian-security-tracker-commits
mailing list