
Ubuntu 24.04 LTS ESAPI Critical XSS Control-Flow Bypass USN-8181-1

April 16, 2026
Several security issues in ESAPI were fixed for Ubuntu. Ensure your systems are updated for better protection.

Summary

Several security issues were fixed in ESAPI.

Software Description:

- libowasp-esapi-java: Web application security control library from OWASP

Details:

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory
paths during path verification. An attacker could possibly use this issue
to bypass directory validation checks, leading to control-flow bypass. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-23457)

Kevin W. Wall and Sebastian Passaro discovered that ESAPI did not properly
sanitize javascript URLs because of an incorrect regular expression. An
attacker could possibly use this issue to perform a cross-site scripting
attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu
20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-24891)

Longlong Gong discovered that ESAPI did not properly neutralize special
elements during SQL injection defense. A remote attacker could possibly use
this...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libowasp-esapi-java             2.4.0.0-2ubuntu0.1

Ubuntu 22.04 LTS
  libowasp-esapi-java             2.2.3.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libowasp-esapi-java-doc         2.2.3.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libowasp-esapi-java             2.1.0-3ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro
  libowasp-esapi-java-doc         2.1.0-3ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libowasp-esapi-java             2.1.0-3ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro
  libowasp-esapi-java-doc         2.1.0-3ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libowasp-esapi-java             2.1.0-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libowasp-esapi-java-doc         2.1.0-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
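
To confirm that a host actually received the fix, the following added example (not part of the Ubuntu advisory) maps each release to the fixed version from the table above and compares it with what dpkg reports as installed. The function names and the `--check` argument are this example's own.

```shell
#!/usr/bin/env bash
# Added example: audit one host against the fixed versions in USN-8181-1.
PKG=libowasp-esapi-java

# Fixed version per Ubuntu release (VERSION_ID from /etc/os-release), copied
# from the advisory table. Prints nothing and returns 1 for unlisted releases.
fixed_version_for() {
  case "$1" in
    24.04) echo "2.4.0.0-2ubuntu0.1" ;;
    22.04) echo "2.2.3.1-1ubuntu0.1~esm1" ;;
    20.04) echo "2.1.0-3ubuntu0.20.04.1~esm1" ;;
    18.04) echo "2.1.0-3ubuntu0.18.04.1~esm1" ;;
    16.04) echo "2.1.0-2ubuntu0.1~esm1" ;;
    *) return 1 ;;
  esac
}

# True when the installed version is at or above the fixed one. dpkg's own
# ordering is used so that the "~esm1" suffix sorts the way apt sorts it.
is_patched() {  # is_patched <installed> <fixed>
  dpkg --compare-versions "$1" ge "$2"
}

# Classify a (release, installed-version) pair. An empty version means the
# package is absent. Echoes: unlisted | not-installed | patched | vulnerable
classify() {
  local fixed
  fixed=$(fixed_version_for "$1") || { echo unlisted; return 0; }
  [ -n "$2" ] || { echo not-installed; return 0; }
  if is_patched "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Check the local host. Returns 1 only when a vulnerable version is installed.
check_host() {
  local release installed state
  release=$(. /etc/os-release && echo "$VERSION_ID")
  installed=$(dpkg-query -W -f='${Version}' "$PKG" 2>/dev/null || true)
  state=$(classify "$release" "$installed")
  echo "$PKG on Ubuntu $release: ${installed:-none} -> $state"
  [ "$state" != vulnerable ]
}

# Run the host check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

On releases where the fixed version carries the `~esm1` suffix, a `vulnerable` result after a normal update usually means the host is not attached to Ubuntu Pro, since the table marks those builds as available with Ubuntu Pro.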

References

https://ubuntu.com/security/notices/USN-8181-1

CVE-2022-23457, CVE-2022-24891, CVE-2025-5878

Severity

Critical
