[Git][security-tracker-team/security-tracker][master] CVE-2022-24891 CVE-2022-23457 libowasp-esapi-java

Neil Williams (@codehelp) codehelp at debian.org
Fri Apr 29 09:05:57 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4010d7db by Neil Williams at 2022-04-29T09:05:28+01:00
CVE-2022-24891 CVE-2022-23457 libowasp-esapi-java

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13954,9 +13954,10 @@ CVE-2022-24893
 CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...)
 	NOT-FOR-US: Shopware
 CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web  ...)
-	- libowasp-esapi-java <unfixed>
+	- libowasp-esapi-java <unfixed> (bug #1010339)
 	NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
-	TODO: check details
+	NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf
+	NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
 CVE-2022-24890
 	RESERVED
 CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
@@ -18839,7 +18840,10 @@ CVE-2022-23459
 CVE-2022-23458
 	RESERVED
 CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web  ...)
-	NOT-FOR-US: ESAPI/esapi-java-legacy
+	- libowasp-esapi-java <unfixed> (bug #1010339)
+	NOTE: https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API/
+	NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2
+	NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
 CVE-2022-0314 (The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4010d7dbf1ce6d30e00bf734fd7334df267daa89

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4010d7dbf1ce6d30e00bf734fd7334df267daa89
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220429/2b32dd29/attachment.htm>


More information about the debian-security-tracker-commits mailing list