Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to control-flow bypass. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23457)
Kevin W. Wall and Sebastian Passaro discovered that ESAPI did not properly sanitize javascript URLs because of an incorrect regular expression. An attacker could possibly use this issue to perform a cross-site scripting attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-24891)
Longlong Gong discovered that ESAPI did not properly neutralize special elements during SQL injection defense. A remote attacker could possibly use this issue to perform SQL injection. (CVE-2025-5878)
2.4.0.0-2ubuntu0.1
2.1.0-2ubuntu0.1~esm1
2.1.0-3ubuntu0.18.04.1~esm1
2.1.0-3ubuntu0.20.04.1~esm1
2.2.3.1-1ubuntu0.1~esm1