Critical ESAPI Vulnerabilities Affect Multiple Ubuntu Releases

Critical ESAPI Vulnerabilities Affect Multiple Ubuntu Releases

First seen 17 Apr 2026, 01:31 UTC UbuntuLinuxsecuritylaunchpad.net 86% similarity 70.5

Article Content

Browse articles
ThreatCluster

Recent vulnerabilities in the ESAPI library have been identified, impacting several versions of Ubuntu, including 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS. The vulnerabilities include a control-flow bypass due to improper directory path validation (CVE-2022-23457), cross-site scripting due to improper sanitization of JavaScript URLs (CVE-2022-24891), and SQL injection flaws (CVE-2025-5878). These issues could allow attackers to exploit the affected systems through various attack vectors, including bypassing directory validation and executing malicious scripts. Users are advised to update their systems to the latest package versions to mitigate these vulnerabilities. The vulnerabilities were discovered by researchers Jaroslav Lobačevski, Kevin W. Wall, Sebastian Passaro, and Longlong Gong. The patches for these vulnerabilities are available as part of standard system updates. The vulnerabilities primarily affect web applications utilizing the ESAPI library.

Key Points: • Multiple critical vulnerabilities found in ESAPI affecting Ubuntu LTS versions. • CVE-2022-23457 allows control-flow bypass via improper directory validation. • Users must update their systems to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2022-04-25
CVE-2022-23457 published
2022-04-27
CVE-2022-24891 published
2025-06-29
CVE-2025-5878 published
2026-04-16
Ubuntu releases security updates for ESAPI vulnerabilities

Community

Browse all →