[GHSA-jcp9-796g-pv9p] Missing Cryptographic Step in OWASP Enterprise Security API for Java

Open MarkLee131 opened this issue 1 year ago • 2 comments

Updates

  • References

Comments

Add a patch https://github.com/ESAPI/esapi-java-legacy/commit/41138fef5f63d9cf0d5e05d2bee2c7f682ffef3f, of which the commit message claims "Fix for Google Issue #306 and changes to address the side effects of the fix (i.e., the removal of the deprecated ESAPI 1.4 encrypt() / decrypt() methods from the Encryptor interface)."

MarkLee131 avatar Mar 03 '24 17:03 MarkLee131

Hey @MarkLee131, not sure I follow on this one. Can you elaborate on how you arrived at this commit?

darakian avatar Mar 05 '24 00:03 darakian

@darakian, hi, I wonder what additional information or format you want? :(

It seems the commit msg explicitly claims it fixed the issue 306 https://github.com/ESAPI/esapi-java-legacy/issues/306. The issue is also shown in the current reference link pointing to this CVE.

MarkLee131 avatar Mar 18 '24 13:03 MarkLee131

So it does. Thanks and sorry for missing that.

darakian avatar Mar 20 '24 17:03 darakian

Hi @MarkLee131! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

advisory-database[bot] avatar Mar 20 '24 17:03 advisory-database[bot]