
Critical ESAPI Vulnerabilities Affect Multiple Ubuntu Releases

Severity: High (Score: 70.5)

Sources: Ubuntu, launchpad.net, Linuxsecurity

Summary

Several vulnerabilities in the ESAPI (OWASP Enterprise Security API) library have been identified, affecting multiple Ubuntu releases: 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS. They comprise a control-flow bypass caused by improper directory path validation (CVE-2022-23457), cross-site scripting caused by improper sanitization of JavaScript URLs (CVE-2022-24891), and SQL injection flaws (CVE-2025-5878). These issues could allow attackers to compromise affected systems through several attack vectors, including bypassing directory validation and executing malicious scripts. Since ESAPI is a library rather than a standalone service, the vulnerabilities primarily affect web applications that use it.

The vulnerabilities were discovered by researchers Jaroslav Lobačevski, Kevin W. Wall, Sebastian Passaro, and Longlong Gong. Fixes are available as part of standard system updates, and users are advised to update their systems to the latest package versions to mitigate these vulnerabilities.

Key Points:

  • Multiple critical vulnerabilities found in ESAPI affecting Ubuntu LTS versions.
  • CVE-2022-23457 allows control-flow bypass via improper directory validation.
  • Users must update their systems to mitigate these vulnerabilities.

Key Entities

  • Cross-site Scripting (attack_type)
  • SQL Injection (attack_type)
  • XSS (vulnerability)
  • CVE-2022-23457 (cve)
  • CVE-2022-24891 (cve)
  • CVE-2025-5878 (cve)
  • CWE-22 - Path Traversal (cwe)
  • CWE-79 - Cross-site Scripting (XSS) (cwe)
  • CWE-89 - SQL Injection (cwe)
  • Ubuntu (company)