
[USN-8181-1] ESAPI vulnerabilities

Posted on 16 April 2026
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-8181-1
April 16, 2026

libowasp-esapi-java vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in ESAPI.

Software Description:
- libowasp-esapi-java: Web application security control library from OWASP

Details:

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory
paths during path verification. An attacker could possibly use this issue
to bypass directory validation checks, leading to control-flow bypass. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-23457)

Kevin W. Wall and Sebastian Passaro discovered that ESAPI did not properly
sanitize javascript URLs because of an incorrect regular expression. An
attacker could possibly use this issue to perform a cross-site scripting
attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu
20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-24891)
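The cross-site scripting issue above came down to scheme matching by an incorrect regular expression. The following is an added illustration of how a URL check can be written so that it does not hinge on one pattern matching the literal string "javascript": it normalises what browsers ignore, extracts the scheme, and compares it against an allow-list. This is example code written for this page, not ESAPI's validator, and `SAFE_SCHEMES` is a constructed allow-list for the example.

```python
import re

# Constructed allow-list of URL schemes acceptable in href/src attributes (example only)
SAFE_SCHEMES = {"http", "https", "mailto"}


def normalize_url(raw):
    """Remove what browsers ignore before they parse a URL: leading/trailing
    whitespace and ASCII control characters (including tab, CR and LF) anywhere
    in the string. Checking the raw text instead would let such characters split
    the word 'javascript' and slip past a pattern that looks for it literally."""
    return "".join(ch for ch in raw if ord(ch) > 0x1F).strip()


def url_scheme(raw):
    """Return the lower-cased scheme of a URL, or None for a scheme-less (relative) URL.
    Lower-casing matters because browsers match schemes case-insensitively."""
    match = re.match(r"^([A-Za-z][A-Za-z0-9+.\-]*):", normalize_url(raw))
    return match.group(1).lower() if match else None


def is_safe_url(raw):
    """Allow-list check: relative URLs and allow-listed schemes pass; any other
    scheme (javascript:, data:, vbscript:, or something unknown) is rejected.
    Deny-listing 'javascript' alone would miss the other executable schemes."""
    scheme = url_scheme(raw)
    return scheme is None or scheme in SAFE_SCHEMES


if __name__ == "__main__":
    for candidate in ("https://example.com/", "/docs/index.html", "JavaScript:alert(1)"):
        print(f"{candidate!r}: {'allowed' if is_safe_url(candidate) else 'rejected'}")
```

The design choice worth noting is that the decision is made on the parsed scheme after normalisation rather than on the raw attribute text, so the check behaves the same way the browser will, whatever casing or control characters the input carries.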

Longlong Gong discovered that ESAPI did not properly neutralize special
elements during SQL injection defense. A remote attacker could possibly use
this issue to perform SQL injection. (CVE-2025-5878)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libowasp-esapi-java 2.4.0.0-2ubuntu0.1

Ubuntu 22.04 LTS
libowasp-esapi-java 2.2.3.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libowasp-esapi-java-doc 2.2.3.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libowasp-esapi-java 2.1.0-3ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
libowasp-esapi-java-doc 2.1.0-3ubuntu0.20.04.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libowasp-esapi-java 2.1.0-3ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
libowasp-esapi-java-doc 2.1.0-3ubuntu0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libowasp-esapi-java 2.1.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
libowasp-esapi-java-doc 2.1.0-2ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
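To turn the version table above into a check that can run against a fleet inventory, a script needs to order Debian package versions the way dpkg does, since a `~esm1` suffix sorts before the same version without it and `2ubuntu0.1` sorts after `2`. The following is an added example written for this page, not tooling from Ubuntu or the USN process: it implements the dpkg comparison algorithm in Python, keys the fixed versions from this notice by release, and parses constructed output in the format produced by `dpkg-query -W -f '${Package}\t${Version}\n'`.

```python
import re
from itertools import zip_longest

# Fixed versions from this notice, keyed by release
FIXED_VERSIONS = {
    "Ubuntu 24.04 LTS": "2.4.0.0-2ubuntu0.1",
    "Ubuntu 22.04 LTS": "2.2.3.1-1ubuntu0.1~esm1",
    "Ubuntu 20.04 LTS": "2.1.0-3ubuntu0.20.04.1~esm1",
    "Ubuntu 18.04 LTS": "2.1.0-3ubuntu0.18.04.1~esm1",
    "Ubuntu 16.04 LTS": "2.1.0-2ubuntu0.1~esm1",
}


def _char_order(c):
    """dpkg ordering for non-digit characters: '~' sorts before the end of the
    string, the end of the string before letters, and letters before everything else."""
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _compare_fragment(a, b):
    """Compare the upstream or revision part of two versions with the dpkg algorithm:
    alternate non-digit runs (compared character by character) and digit runs
    (compared numerically) until one side differs."""
    while a or b:
        ra, rb = re.match(r"[^0-9]*", a).group(0), re.match(r"[^0-9]*", b).group(0)
        a, b = a[len(ra):], b[len(rb):]
        for ca, cb in zip_longest(ra, rb, fillvalue=""):
            oa, ob = _char_order(ca), _char_order(cb)
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"[0-9]*", a).group(0), re.match(r"[0-9]*", b).group(0)
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split_version(version):
    """Split 'epoch:upstream-revision' into its parts; epoch and revision are optional."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as `dpkg --compare-versions` would order a against b."""
    ea, ua, ra = _split_version(a)
    eb, ub, rb = _split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _compare_fragment(ua, ub) or _compare_fragment(ra, rb)


def is_vulnerable(release, installed):
    """True when the installed version is older than the fixed version for that release."""
    return compare_versions(installed, FIXED_VERSIONS[release]) < 0


def check_dpkg_output(release, dpkg_output):
    r"""Parse lines of `dpkg-query -W -f '${Package}\t${Version}\n'` output and
    report, per ESAPI package, whether it is still below the fixed version."""
    findings = {}
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        package, version = line.split("\t", 1)
        if package.startswith("libowasp-esapi-java"):
            findings[package] = is_vulnerable(release, version.strip())
    return findings


# Constructed sample: a 22.04 host whose -doc package was updated but whose library was not
SAMPLE_DPKG_OUTPUT = (
    "libowasp-esapi-java\t2.2.3.1-1\n"
    "libowasp-esapi-java-doc\t2.2.3.1-1ubuntu0.1~esm1\n"
)

if __name__ == "__main__":
    for pkg, vuln in check_dpkg_output("Ubuntu 22.04 LTS", SAMPLE_DPKG_OUTPUT).items():
        print(f"{pkg}: {'needs update' if vuln else 'fixed'}")
```

On a real host the sample string would be replaced by the output of the `dpkg-query` command in the docstring; the comparison logic is what makes the check reliable, because a plain string or numeric comparison mis-orders the `~esm1` and `ubuntu0.N` suffixes these package versions depend on.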

References:
https://ubuntu.com/security/notices/USN-8181-1
CVE-2022-23457, CVE-2022-24891, CVE-2025-5878

Package Information:
https://launchpad.net/ubuntu/+source/libowasp-esapi-java/2.4.0.0-2ubuntu0.1
