Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in ESAPI
Vulnerability Description
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OWASP ESAPI 路径遍历漏洞
Vulnerability Description
OWASP ESAPI是一个免费的、开源的、Web 应用程序安全控制库,使程序员可以更轻松地编写风险较低的应用程序。 ESAPI 2.3.0.0之前版本存在路径遍历漏洞,该漏洞源于Validator.getValidDirectoryPath(String, String, File, boolean)的默认实现可能会错误地将测试的输入字符串视为指定父目录的子目录。
CVSS Information
N/A
Vulnerability Type
N/A