CNNVD-202506-3686 Information

CNNVD ID

CNNVD-202506-3686

CVE-2025-5878

  • CNNVD Published: 2025-06-29

Description (Chinese)

OWASP ESAPI is a free, open-source web application security control library from the OWASP Foundation in the United States that makes it easier for programmers to write lower-risk applications. OWASP ESAPI has a security vulnerability that stems from improper neutralization of special elements in the Encoder.encodeForSQL interface, which could lead to SQL injection attacks.

Description (English)

OWASP ESAPI is a free, open-source web application security control library from the OWASP Foundation in the United States that makes it easier for programmers to write lower-risk applications. OWASP ESAPI has a security vulnerability that stems from improper neutralization of special elements in the Encoder.encodeForSQL interface, which could lead to SQL injection attacks.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

OWASP

Published

2025-06-29

Last Modified

2026-02-24

References

  • https://vuldb.com/?submit.590150
  • https://vuldb.com/?id.314321
  • https://github.com/uglory-gll/javasec/blob/main/ESAPI.md
  • https://vuldb.com/?ctiid.314321
  • https://vuldb.com/?submit.590149
  • https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf
  • https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.7.0.0
  • https://github.com/ESAPI/esapi-java-legacy/commit/e2322914304d9b1c52523ff24be495b7832f6a56
  • https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512
  • https://access.redhat.com/security/cve/cve-2025-5878
  • https://www.oracle.com/security-alerts/cpuoct2025.html

Patch

https://owasp.org/www-project-enterprise-security-api/