org.owasp.esapi:esapi is vulnerable to path traversal. A remote authenticated user is able to break out of the expected directory via crafted input passed to the getValidDirectoryPath function, because the function may incorrectly treat the tested input string as a child of the specified parent directory.
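
The following is an added Java example, not ESAPI's own code, showing one way a parent/child directory check can accept a path that is not a child, next to a hardened form. The string-prefix comparison is an assumed illustration of the failure mode described above; the class name, method names and paths are constructed.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class ChildDirCheck {

    // Weak form (assumed illustration): compares the paths as strings, so a
    // sibling whose name merely begins with the parent's name is accepted.
    static boolean isChildByString(String parent, String candidate) {
        String p = Paths.get(parent).toAbsolutePath().normalize().toString();
        String c = Paths.get(candidate).toAbsolutePath().normalize().toString();
        return c.startsWith(p);
    }

    // Hardened form: Path.startsWith compares whole name elements, so
    // "uploads-archive" is not treated as being under "uploads".
    // normalize() only collapses "." and ".."; for paths that exist on disk,
    // toRealPath() additionally resolves symbolic links before comparing.
    // Note that the parent itself also satisfies this check.
    static boolean isChildByPath(String parent, String candidate) {
        Path p = Paths.get(parent).toAbsolutePath().normalize();
        Path c = Paths.get(candidate).toAbsolutePath().normalize();
        return c.startsWith(p);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the advisory.
        String parent = "/srv/app/uploads";
        String[] candidates = {
            "/srv/app/uploads/reports",    // real child
            "/srv/app/uploads-archive",    // sibling sharing a name prefix
            "/srv/app/uploads/../config",  // leaves the parent after normalization
            "/srv/app/uploads"             // the parent itself
        };
        for (String c : candidates) {
            System.out.printf("%-28s string=%-5b path=%b%n",
                    c, isChildByString(parent, c), isChildByPath(parent, c));
        }
    }
}
```

The two checks disagree only on the sibling directory, which is the case a string comparison cannot distinguish from a real child.
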
github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
github.com/ESAPI/esapi-java-legacy/commit/a0d67b75593878b1b6e39e2acc1773b3effedb2a
github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2
security.netapp.com/advisory/ntap-20230127-0014/
securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API/
www.oracle.com/security-alerts/cpujul2022.html